Firewall Wizards mailing list archives

icmp scans - what about fragmented ICMP packets ?

From: "Pawel Maciejewski" <laban () op onet pl>
Date: Fri, 13 Nov 1998 00:38:04 +0100

Hello again

I wonder is it possible (and usefull) to fragment ICMP packets (in ex. ICMP
echo request). Some firewalls (like sinus 0.2.9 if im not wrong) doesn't
like fragmented packets at all - if they don't know what to do with them,
they just drop or let them pass (of course it also may depends on few other
things in ex. kernel configuration). So it can be really nice way to scan
which hosts are alive behind the wall (when the wall has the blocked all
incoming ICMP packets, but let fragmented packets pass), and can be a
background for a next stage of attack.

Thanks and greetings

-= Signed =-
-= Pawel Maciejewski =-
-= e-mail : laban () op onet pl =-
-= ICQ #10839029 =-
----------------------------------------
   "Death comes to us all..."
----------------------------------------

Current thread:

icmp scans - what about fragmented ICMP packets ? Pawel Maciejewski (Nov 12)
- Re: icmp scans - what about fragmented ICMP packets ? Darren Reed (Nov 13)