Nmap Announce mailing list archives

Research Paper - ICMP Usage In Scanning v3.0 - RELEASED


From: "Ofir Arkin" <ofir () sys-security com>
Date: Mon, 4 Jun 2001 01:17:44 -0700

I am pleased to announce the availability of version 3.0 of my research
paper "ICMP Usage In Scanning".

Version 3.0 introduces significant changes made to the text.

The paper now starts with an introduction to the ICMP Protocol. The
introduction explains what is the ICMP protocol; its message types, and
where and when we should expect to see these.

The following chapters are divided into several subjects ranging from Host
Detection to Passive Operating System Fingerprinting.

An effort was made to offer more illustrations, examples and diagrams in
order to explain and illustrate the different issues involved with the ICMP
protocol’s usage in scanning.

The paper is divided into the following chapters:

- Chapter 1 is the Introduction
- Chapter 2 is an Introduction to the ICMP Protocol
- Chapter 3 deals with Host Detection methods using the ICMP Protocol
- Chapter 4 handles Advanced Host Detection methods using the ICMP Protocol
- Chapter 5 talks about the technique known as "Inverse Mapping"
- Chapter 6 goes through the traceroute functionality
- Chapter 7 is dedicated to Active Operating System Fingerprinting using the
  ICMP Protocol. The chapter is divided into four parts:

        - Regular queries
        - Crafted queries
        - Error Messages
        - Futuristic Methods

- Chapter 8 explains the Usage of ICMP in the Passive Operating System
  Fingerprinting Process. This is a new chapter, which was added with this
  version.
- Chapter 9 suggests strategies when building a correct rule base with a
  Firewall
- Chapter 10 is dedicated to acknowledgments


The various appendixes offer:

- Several tables presented in the text
- Some Host based Security measures available with Linux based on Kernel
  2.4.x and with Sun Solaris 8.
- A snort rule base for dealing with the ICMP tricks illustrated within the
  text.


The new version can be downloaded from The Sys-Security Group’s web site in
PDF and ZIP formats. This is due to the large size of the PDF file.

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
The file size is ~ 1.75mb when zipped

http://www.sys-security.com/archive/papers/ICMP_Usage_v3.0.pdf
The file size is ~ 5.39mb.



Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

