Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICMP (was: daily internet traffic report)

From: James Edwards <hackerwacker () cybermesa com>
Date: Sun, 17 Oct 2004 14:21:06 -0600
On Sun, 2004-10-17 at 12:55, Frank de Wit wrote:

I thought I asked a question ; the answer 'yes' should have been 
sufficient ;-)
Just joking, let's ask two other questions:
-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
I might be wrong, but:
a) do you still think ICMP is a good thing in relation to security (by 
obscurity)?


It gains little, there are other ways to tell if you are there. Those
who only use ping to identify hosts are on the low end of the skill
curve and it is those on the upper end of the skill curve that may have
to skills to compromise your firewall/hosts.



b) why would you need ICMP from the internet to your perimeter/DMZ-devices?



PathMTU. You will not move any packets unless your host can negotiate MTU
along the path. 

So, blocking ***all*** ICMP ***types*** is bad but you can block some ***types***
without getting into trouble. Till you understand that all the types do in relation
to networking I would leave the alone.

j

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: