Re: How to prevent system from replying to Ping (ICMP Echo) requests?
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/29/04
- Next message: Miles Fromier: "Re: WallWatcher - Spyware?"
- Previous message: T. Sean Weintz: "Re: monitor outgoing traffic"
- In reply to: Kaptain Krunch: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
- Next in thread: Kaptain Krunch: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
- Reply: Kaptain Krunch: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
- Reply: Agustin: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Sep 2004 17:44:23 -0500
In article <B4qdnSDaoMnqLsXcRVn-rA@comcast.com>, Kaptain Krunch wrote:

>> Kaptain Krunch wrote...
>>
>> > Guess ping is not a threat? NOT! Ping of death can cause a computer or
>> > router to lock... Large fragmented ICMP packets make a computer or
>> > router unable to reassemble them.

"Ping of Death" - a ping with an effective size over 64k, came out just
after microsoft invented computer networking back in 1995, and was an
easy way to kill windoze95 and NT3.* and 4.0. Microsoft finally managed
to pull their finger out and fix it in mid-1997 if I recall correctly.
None of the contemporary operating systems (Mac O/S, OS/2, Novell, *nix,
or even Trumpet Winsock running on MS-DOS) were vulnerable.

"overlapping IP fragments" was used in the 'teardrop' attack, and this
affected windoze9x, NT, and Linux (possibly others) back in 1997. As far
as I can find, microsoft fixed this in 2000.

If you are still running ancient software that is vulnerable to those
attacks, it's your problem. If it's modern (more correctly, "current")
software and it's still broken in that respect, please post the names of
the software company that supplied it so that everyone can avoid using
products from such an incompetent supplier.

>LOL actually I should be ranting...but WTH...LOL I've experienced ICMP
>packets of over 1500 a min and router just gave up and rebooted over and
>over and over and over again till I got my ISP to shut the guy off

I'd be looking at replacing such a broken router if the brain-dead
company that built the sucker didn't have a software fix for that. If
they _do_ have a fix, and you hadn't installed it, or it's some kind
of configuration error, well...

1500 packets per minute is only 25 per second. If the packets were somehow
each 64K long (I'm not aware of any networking protocol using packets larger
than 18000 bytes [Token Ring] at the moment), that's still only 1.6 Megabyte
per second - and while that's well over twice the capacity of 10BaseX
Ethernet, and 100BaseT ISA (or even EISA) NICs are rare, a 386 should have
no problem handling that data rate. The attacker's network, and all of
the hops in between didn't seem to have a problem, so why you?

>he liked my port 137...

Is 137 open to the world?

>spoofed packets are untraceable also and can cause DoS

True, which is why source LANs (company networks, ISPs, etc.) should be
filtering outgoing packets - making sure that the source address is from
a plausible block that would be exiting their networks at this point.
This is just as true as you blocking inbound packets with _source_
addresses that claim to be from inside your network or are RFC1918 or
zero-conf (169.254/16).

Old guy
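
The source-address checks described in the last paragraph of the post, as an added example that is not part of the original message: a border-router decision function for outgoing and inbound packets. The inside block 203.0.113.0/24 and the names `check_source`, `INSIDE_NETS` and `BOGON_SOURCES` are assumptions made for illustration.

```python
import ipaddress

# Assumption: this site's own address block (documentation prefix, constructed).
INSIDE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Source ranges that should never arrive from the Internet side.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16",                                  # zero-conf
)]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def check_source(direction, src, inside_nets=INSIDE_NETS):
    """Return (verdict, reason) for a packet crossing the border router.

    direction: "in"  = arriving from the Internet side
               "out" = leaving towards the Internet
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "out":
        # Egress: only sources from our own block may leave the network.
        if _in_any(addr, inside_nets):
            return ("accept", "source belongs to this network")
        return ("drop", "egress source not from this network")
    # Ingress: nothing outside can legitimately use our addresses,
    # private ranges or zero-conf addresses as its source.
    if _in_any(addr, inside_nets):
        return ("drop", "inbound packet claims an inside source")
    if _in_any(addr, BOGON_SOURCES):
        return ("drop", "inbound source is RFC 1918 or 169.254/16")
    return ("accept", "source plausible for the outside")


# Constructed sample packets: (direction, source address)
SAMPLES = [("in", "198.51.100.7"), ("in", "203.0.113.20"),
           ("in", "192.168.1.5"), ("in", "169.254.10.1"),
           ("out", "203.0.113.20"), ("out", "10.1.2.3")]

if __name__ == "__main__":
    for direction, src in SAMPLES:
        verdict, reason = check_source(direction, src)
        print(f"{direction:3} {src:15} {verdict:6} {reason}")
```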