Re: ICMP (Ping)
From: Tomas Wolf (tomas_at_skip.cz)
Date: 09/07/03
- Previous message: Christopher Joles: "RE: VPN's - Firewall's and Security"
- In reply to: Ansgar Wiechers: "Re: ICMP (Ping)"
- Next in thread: Tim Greer: "Re: ICMP (Ping)"
- Reply: Tim Greer: "Re: ICMP (Ping)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 07 Sep 2003 00:29:10 -0400 To: Ansgar Wiechers <bugtraq@planetcobalt.net>
I think that between you two is a little misunderstanding. One is
pointing out those who are challenged by the "hidden", while the other
one is talking about kiddies scanning blindly huge IP ranges (even
dial-up, dsl & cable), where about those thousands and thousands
"unreachables" it would be just one IP that is not assigned, or the host
wasn't up....
So both of you are right... If one is looking to penetrate the site or
scans small range, this will become a target... While on the other hand
this site won't become a target (most likely) for a ping-scanning kiddie
that runs it in 195.X.X.X range.
good luck -- T.
Ansgar Wiechers wrote:
>On 2003-09-04 freeasabird_13@gmx.net wrote:
>
>
>>>I don't think so. Not responding to ICMP echo-requests won't make you
>>>invisible. Whenever a ping does not return "host unreachable" you
>>>know there *is* something with that address.
>>>
>>>
>>For the record, I never said nor implied that not responding to pings
>>would make one's internet presence "invisible". I merely said/implied
>>that it would make your presence less obvious, which it simply would.
>>
>>
>
>I still don't agree. When doing a scan to find potential targets,
>addresses you don't get echo-replies from are screaming out "yes, I am
>here and I don't want you to know" to anyone who has at least a basic
>understanding of how IP works. In fact I would consider those as primary
>targets, since something worth hiding may be something worth getting. I
>fail to see how this would make your presence less obvious. Am I missing
>something?
>
>Regards
>Ansgar Wiechers
>
>---------------------------------------------------------------------------
>Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
>October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
>technical IT security event. Modeled after the famous Black Hat event in
>Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
>Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
>----------------------------------------------------------------------------
>
>
>
>
>
---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Precisely Define and Implement Network Security
- Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW - FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
- Previous message: Christopher Joles: "RE: VPN's - Firewall's and Security"
- In reply to: Ansgar Wiechers: "Re: ICMP (Ping)"
- Next in thread: Tim Greer: "Re: ICMP (Ping)"
- Reply: Tim Greer: "Re: ICMP (Ping)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
