Re: Survive without ICMP?
From: Vogulus (nospam_at_nospam.com)
Date: 05/20/04
Date: Thu, 20 May 2004 20:13:20 GMT
Purl Gurl <purlgurl@purlgurl.net> wrote in
news:40ACDAC8.E637435A@purlgurl.net:
> Stalks wrote:
>
>> Purl Gurl wrote:
>
> (lots snipped)
>
>> > Our system does respond to Port 0 and does send ICMP packets.
>
>> What is your system? and do all ICMP rules apply to port 0 on this
>> system?
>
> Stalks, after reading so many articles on this, here and
> on the internet, I do not have a clue. Everything "assumed"
> has been tossed out my window, along with the wash and baby.
>
> Actually I was more tempted to toss my girl out a window
> when she became a teenager, but she is past that although
> I remain a teenager, and she is now the mother.
>
> Stalks, just briefly, we are fed a T1 broadband connection,
> an Orion modem, Linksys programmable router, three machines
> on our LAN, each a highly modified WIN32 system (Not NT)
> with Apache, a dns server and an email server. Apache
> is on one machine. DNS and Email on another, supporting
> programs for my cgi applications, mostly databases, on
> the final machine.
>
> This week, I will be plugging in a Netscreen appliance and
> linking it to SNORT. This will sit between our modem
> and our router. That should really add some surprises!
>
> Seems a fairly typical system. I am leaning towards the
> Linksys router responding to port 0 requests. However,
> a timestamp ICMP did make it through to our hack testing.
> This suggests at least one of our machines responding
> to a port 0 probe with an ICMP packet. Might be our
> router stripped the port 0 reference allowing an ICMP
> request to be a multicast non-port specific request.
>
> However, one of our servers, either DNS or email, has
> a port 0 security feature, don't remember which. I will
> take a look later, although I think it is the DNS server.
>
> On Linksys responding, I believe this is the origin of
> the ICMP packet for a netmask. This makes sense because
> our router is netmasked for a single ip address on
> the T1 WAN system. Our internal LAN netmasking is
> multiple addresses, and this did not show in probes.
>
> To add confusion, each machine is netmasked for
> a single ip address (255.255.255.0) which may
> also be the port 0 ICMP response.
>
> Hack probes for port 0 did yield ICMP packets.
>
> Your guess is good as any, Stalks. I have been rendered
> literally clueless on this.
>
>
>> May the ping be with you ....
>
> I told you to stop that!
>
> Purl Gurl
PurlGurl,
Is it your goal to troll the internet pulling statements out of your
ass?
I wish you'd get back to day trading... or running the casino. Whatever
you do.
Later