Re:Re: ICMP (Type 8) port

From: Sadie (anonymous_at_discussions.microsoft.com)
Date: 05/22/04


Date: Sat, 22 May 2004 14:49:40 -0700

Many thanks, for such an informative response. I appreciate
it very much.

Sadie
>-----Original Message-----
>"Sadie" <anonymous@discussions.microsoft.com> wrote in message
>news:109e801c4402b$2e8165a0$a401280a@phx.gbl...
>> Please do correct me if I am mistaken, but isn't such a
>> ping the most commonly used prelude to a hacking attempt?
>
>Well, you could see it like that, in the sense that a hacker
>will probably check whether your computer answers to some
>kind of connexion. But a ping only checks whether your
>computer gives _an_ answer. It doesn't give any more
>information.
>
>Consider a legitimate use of ping. I want to see whether
>laila.dnsalias.org is working. Well:
>
>C:\>ping laila.dnsalias.org
>
>Envoi d'une requête 'ping' sur laila.dnsalias.org [80.8.134.187] avec 32
>octets de données :
>
>Réponse de 80.8.134.187 : octets=32 temps=117 ms TTL=247
>Réponse de 80.8.134.187 : octets=32 temps=57 ms TTL=247
>Réponse de 80.8.134.187 : octets=32 temps=51 ms TTL=247
>Réponse de 80.8.134.187 : octets=32 temps=59 ms TTL=247
>
>Statistiques Ping pour 80.8.134.187:
> Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%),
>Durée approximative des boucles en millisecondes :
> Minimum = 51ms, Maximum = 117ms, Moyenne = 71ms
>
>
>It looks like it does.
>
>If you want to check whether your connexion is working,
>this can be _very_ useful.
>
>If you block ping requests, you'll lose the possibility to check
>whether _your_ computer is reachable. For a private computer,
>most likely it doesn't matter. But if everybody starts blocking
>ping for no reason, a very useful tool will be lost.
>
>If your computer doesn't answer to any unrequested
>information-carrying packet, but does answer to "ping"
>packets, there is no security risk in this. Again, an
>ICMP echo reply packet (i.e. an answer to "ping") is
>simply an IP packet with no content.
>
>You can see that microsoft.com does block ICMP echo
>requests. This is probably a protection against anyone
>trying to flood them with useless ping requests. In their case,
>I understand that it could happen (as well as more sophisticated
>attacks).
>
>FYI, I don't block ICMP echo on my computer.
>
>> Isn't it preferable to have a "passive" firewall that
>> silently drops packets without responding?
>
>Well, this is a bigger question, and more of a matter
>of taste. You can look at it this way: if a program tries
>to connect to your computer, it can either:
> * ignore it completely, and discard the IP packets
> * answer "there is nothing here for you, so you can stop
>trying".
>In a way, the second answer is more polite, and the
>remote computer can abort the connection attempt
>instead of retrying several times.
>
>On the other hand, it is a kind of (uninformative) answer,
>and some people are afraid of _any_ answer.
>
>Note that identifying an operating system by the behaviour
>of its network stack (e.g. using nmap) requires a closed port
>_and_ an open port to work reasonably well.
>
>If the tools I use allowed it, I'd prefer to make all the ports I don't
>need appear as closed, instead of discarding packets silently.
>However, I fully understand that you can prefer to avoid giving
>any answer, as an added precaution. It's a kind of trade-off
>between security and normal networking behaviour.
>
>> I only ask since I have never gained such a result from
>> Sygate. My connectivity is fine.
>
>You will probably never have any problem, except if you try
>to set up some kind of VPN connection. In this case, blocking
>ICMP fragmentation needed packets can prevent it from
>working. (IPSec VPNs often send large encrypted packets, and
>ICMP fragmentation needed is used to tell "it's too big, send it
>again as several smaller pieces"). I've had problems with this.
>
>.
>
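
An added example, not part of the original posts: a small Python parser for the two ICMP message kinds the thread discusses, echo request (type 8) and "fragmentation needed" (type 3, code 4), which verifies the checksum and reads the next-hop MTU that path MTU discovery depends on. The sample packets, the `build_icmp` helper and the `action` labels are constructed for this illustration and are not a vendor's firewall policy.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Helper for the constructed samples: rest is the 4 bytes after the checksum."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def classify_icmp(msg: bytes) -> dict:
    """Parse an ICMP message; 'action' is this example's suggested inbound handling."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _ = struct.unpack("!BBH", msg[:4])
    info = {"type": icmp_type, "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type == 8 and code == 0:
        ident, seq = struct.unpack("!HH", msg[4:8])
        info.update(name="echo request", id=ident, seq=seq, action="policy choice")
    elif icmp_type == 0 and code == 0:
        ident, seq = struct.unpack("!HH", msg[4:8])
        info.update(name="echo reply", id=ident, seq=seq, action="allow if solicited")
    elif icmp_type == 3 and code == 4:
        # RFC 1191: 16 unused bits, then the next-hop MTU the sender must respect.
        _unused, mtu = struct.unpack("!HH", msg[4:8])
        info.update(name="fragmentation needed", next_hop_mtu=mtu, action="allow")
    else:
        info.update(name="other", action="review")
    return info

# Constructed samples: a 32-byte-payload echo request and a frag-needed message
# (28 zero bytes stand in for the quoted IP header + 8 bytes of the dropped packet).
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x0200, 1),
                          b"abcdefghijklmnopqrstuvwabcdefghi")
FRAG_NEEDED = build_icmp(3, 4, struct.pack("!HH", 0, 1400), bytes(28))

if __name__ == "__main__":
    for sample in (ECHO_REQUEST, FRAG_NEEDED):
        print(classify_icmp(sample))
```
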


