Re: How to prevent system from replying to Ping (ICMP Echo) requests?

From: Kaptain Krunch (captainkrunch_at_comcast.net)
Date: 09/29/04


Date: Tue, 28 Sep 2004 20:44:19 -0400

It is fixed... ICMP are being filtered by ISP and the joker who was doing it
is shut down... Linksys sent me a fix, but it didn't do what it was
intended...I was very frustrated that my router can't handle ICMP packet...
BTW, 1500 should have been in 15 seconds which is 6000 a min... also took
the router out of the loop did a packet capture saw 11000 arps in 5 mins...
told my isp and found out I was mistakenly configured as a node on their
network and all those arps were going through my system...LMAO now.

KK

"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrncljqa5.fo2.ibuprofin@atlantis.phx.az.us...
> In article <B4qdnSDaoMnqLsXcRVn-rA@comcast.com>, Kaptain Krunch wrote:
> >> Kaptain Krunch wrote...
> >>
> >> > Guess ping is not a threat? NOT! Ping of death can cause a computer or
> >> > router to lock... Large fragmented ICMP packets make a computer or
> >> > router unable to reassemble them.
>
> "Ping of Death" - a ping with an effective size over 64k, came out just
> after microsoft invented computer networking back in 1995, and was an
> easy way to kill windoze95 and NT3.* and 4.0. Microsoft finally managed
> to pull their finger out and fix it in mid-1997 if I recall correctly.
> None of the contemporary operating systems (Mac O/S, OS/2, Novell, *nix,
> or even Trumpet Winsock running on MS-DOS) were vulnerable.
>
> "overlapping IP fragments" was used in the 'teardrop' attack, and this
> affected windoze9x, NT, and Linux (possibly others) back in 1997. As far
> as I can find, microsoft fixed this in 2000.
>
> If you are still running ancient software that is vulnerable to those
> attacks, it's your problem. If it's modern (more correctly, "current")
> software and it's still broken in that respect, please post the names of
> the software company that supplied it so that everyone can avoid using
> products from such an incompetent supplier.
>
> >LOL actually I should be ranting...but WTH...LOL I've experienced ICMP
> >packets of over 1500 a min and router just gave up and rebooted over and
> >over and over and over again till I got my ISP to shut the guy off
>
> I'd be looking at replacing such a broken router if the brain-dead
> company that built the sucker didn't have a software fix for that. If
> they _do_ have a fix, and you hadn't installed it, or it's some kind
> of configuration error, well...
>
> 1500 packets per minute is only 25 per second. If the packets were somehow
> each 64K long (I'm not aware of any networking protocol using packets
> larger than 18000 bytes [Token Ring] at the moment), that's still only 1.6
> Megabyte per second - and while that's well over twice the capacity of
> 10BaseX Ethernet, and 100BaseT ISA (or even EISA) NICs are rare, a 386
> should have no problem handling that data rate. The attacker's network,
> and all of the hops in between didn't seem to have a problem, so why you?
>
> >he liked my port 137...
>
> Is 137 open to the world?
>
> >spoofed packets are untraceable also and can cause DoS
>
> True, which is why source LANs (company networks, ISPs, etc.) should be
> filtering outgoing packets - making sure that the source address is from
> a plausible block that would be exiting their networks at this point.
> This is just as true as you blocking inbound packets with _source_
> addresses that claim to be from inside your network or are RFC1918 or
> zero-conf (169.254/16).
>
> Old guy
>
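
The source-address filtering described in the quoted reply above (egress checks at the source LAN, and inbound drops for sources that claim to be inside, RFC1918 or 169.254/16), as an added example that is not part of the original thread. The inside block 203.0.113.0/24, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Source ranges that should never arrive from the Internet side,
# as named in the post: RFC 1918 private space and zero-conf link-local.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16",                                  # zero-conf
)]

# Assumption: the protected network's public block (documentation range).
INSIDE_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def check_inbound(src, inside_nets=INSIDE_NETS):
    """Verdict for a packet arriving on the external interface."""
    addr = ipaddress.ip_address(src)
    for net in inside_nets:
        if addr in net:
            # An outside packet cannot legitimately carry an inside source.
            return ("drop", "source claims to be inside")
    for net in BOGON_SOURCES:
        if addr in net:
            return ("drop", f"unroutable source {net}")
    return ("accept", "plausible source")


def check_outbound(src, inside_nets=INSIDE_NETS):
    """Egress filter: only sources from our own blocks may leave."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in inside_nets):
        return ("accept", "own block")
    return ("drop", "source not from this network")


def classify_samples():
    """Run both filters over constructed sample source addresses."""
    inbound = ["198.51.100.9", "203.0.113.7", "192.168.1.5", "169.254.10.1"]
    outbound = ["203.0.113.7", "198.51.100.9", "10.1.2.3"]
    return (
        {s: check_inbound(s)[0] for s in inbound},
        {s: check_outbound(s)[0] for s in outbound},
    )


if __name__ == "__main__":
    for direction, result in zip(("inbound", "outbound"), classify_samples()):
        for src, verdict in result.items():
            print(f"{direction:8} {src:15} {verdict}")
```
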


