Firewall Wizards mailing list archives
Re: icmp scans - what about fragmented ICMP packets ?
From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 13 Nov 1998 20:12:10 +1100 (EST)
In some email I received from Pawel Maciejewski, sie wrote:
Hello again I wonder is it possible (and usefull) to fragment ICMP packets (in ex. ICMP echo request). Some firewalls (like sinus 0.2.9 if im not wrong) doesn't like fragmented packets at all - if they don't know what to do with them, they just drop or let them pass (of course it also may depends on few other things in ex. kernel configuration). So it can be really nice way to scan which hosts are alive behind the wall (when the wall has the blocked all incoming ICMP packets, but let fragmented packets pass), and can be a background for a next stage of attack.
any packets which are fragmented within the transport header, regardles of the protocol, should be treated the same. darren p.s. please watch how big your cc lists get.
Current thread:
- icmp scans - what about fragmented ICMP packets ? Pawel Maciejewski (Nov 12)
- Re: icmp scans - what about fragmented ICMP packets ? Darren Reed (Nov 13)