Message-ID: <4172C038.1040401@home.nl>
From: frankdewit at home.nl (Frank de Wit)
Subject: ICMP (was: daily internet traffic report)
I thought I asked a question; the answer 'yes' should have been
sufficient ;-)
Just joking, let's ask two other questions:
-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
I might be wrong, but:
a) do you still think ICMP is a good thing in relation to security (by
obscurity)?
b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
Hojje, Frank
Willem Koenings wrote:
>
>
>
>>are they?
>>do you remember 'firewalking'?
>>
>>
>
>sorry, but firewalking is not an icmp-only technique and doesn't
>use the full range of icmp types/codes.
>by firewalking you use tcp or udp packets (depends, which
>protocol acl you want to study) with one bigger TTL than
>target and monitor results via icmp type 11.
>
>if you are really afraid of firewalking, then instead of closing
>down all icmp you can close down only type 11. and nat
>firewall protects you from firewalking anyway.
>
>what i want to say? blindly closing down things is easiest
>thing to do. but doing so you are not on the top of the problem
>and you don't control things. get down to the problem and fix
>things. there's one too many black hole routers in the world
>and availability is also a security attribute.
>
>all the best,
>
>W.
>
>
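
Added example, not part of the original message or the quoted reply: a small Python detector for the pattern described in the quoted text (TCP/UDP probes whose TTL runs out one hop behind the gateway, answered by ICMP type 11), together with the type-11-only egress filter suggested there. The packet records, field names, thresholds and the capture point are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of packets on a gateway's outside interface (not real traffic).
# Assumption: "ttl" is the value remaining when an inbound packet reaches the gateway.
PACKETS = [
    # One source walks TCP ports with a TTL that expires one hop behind the gateway.
    {"dir": "in", "src": "198.51.100.7", "proto": "tcp", "dport": 22, "ttl": 2},
    {"dir": "in", "src": "198.51.100.7", "proto": "tcp", "dport": 80, "ttl": 2},
    {"dir": "in", "src": "198.51.100.7", "proto": "tcp", "dport": 443, "ttl": 2},
    # ICMP type 11 replies leave only for the ports the ACL forwarded.
    {"dir": "out", "dst": "198.51.100.7", "proto": "icmp", "type": 11, "code": 0, "orig_dport": 80},
    {"dir": "out", "dst": "198.51.100.7", "proto": "icmp", "type": 11, "code": 0, "orig_dport": 443},
    # Ordinary client traffic, and a path-MTU message (type 3 code 4) that a
    # blanket ICMP block would also drop.
    {"dir": "in", "src": "203.0.113.5", "proto": "tcp", "dport": 443, "ttl": 52},
    {"dir": "out", "dst": "203.0.113.5", "proto": "icmp", "type": 3, "code": 4, "orig_dport": 443},
]


def find_firewalk_sources(packets, max_ttl=2, min_ports=3):
    """Return {source: {"probed": [...], "leaked": [...]}} for port walks with near-expired TTLs."""
    probed, leaked = defaultdict(set), defaultdict(set)
    for p in packets:
        if p["dir"] == "in" and p["proto"] in ("tcp", "udp") and p["ttl"] <= max_ttl:
            probed[p["src"]].add(p["dport"])
        elif p["dir"] == "out" and p["proto"] == "icmp" and p["type"] == 11:
            # The time-exceeded reply tells the prober that this port passed the ACL.
            leaked[p["dst"]].add(p["orig_dport"])
    return {src: {"probed": sorted(ports), "leaked": sorted(leaked[src] & ports)}
            for src, ports in probed.items() if len(ports) >= min_ports}


def drop_outbound_type11(packets):
    """Egress filter from the thread: drop only ICMP type 11, pass every other packet."""
    return [p for p in packets
            if not (p["dir"] == "out" and p["proto"] == "icmp" and p["type"] == 11)]


if __name__ == "__main__":
    print("unfiltered:     ", find_firewalk_sources(PACKETS))
    print("type 11 dropped:", find_firewalk_sources(drop_outbound_type11(PACKETS)))
```

With the filter applied the probes are still visible to the detector, but no port is reported as leaked, and the type 3 code 4 message still passes.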