| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: hackerwacker at cybermesa.com (James Edwards) Subject: ICMP (was: daily internet traffic report) On Sun, 2004-10-17 at 12:55, Frank de Wit wrote: > I thought I asked a question ; the answer 'yes' should have been > sufficient ;-) > Just joking, let's ask two other questions: > -when you read about ICMP fingerprinting (see Ofir Arkin's great articles) > -and you see tools like Xprobe and a lot of other OS-fingerprinting tools > I might be wrong, but: > a) do you still think ICMP is a good thing in relation to security (by > obscurity)? It gains little, there are other ways to tell if you are there. Those who only use ping to identify hosts are on the low end of the skill curve and it is those on the upper end of the skill curve that may have to skills to compromise your firewall/hosts. > b) why would you need ICMP from the internet to your perimeter/DMZ-devices? > PathMTU. You will not move any packets unless your host can negotiate MTU along the path. So, blocking ***all*** ICMP ***types*** is bad but you can block some ***types*** without getting into trouble. Till you understand that all the types do in relation to networking I would leave the alone. j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041017/8812da43/attachment.bin
Powered by blists - more mailing lists