Message-ID: <4173F528.70805@home.nl>
From: frankdewit at home.nl (Frank de Wit)
Subject: ICMP (was: daily internet traffic report)
please don't call me sir, that makes me old ;-)
the answer is 'no'
do I win a prize now?
Ron DuFresne wrote:
>Frank,
>
>Question back at you sir; Does OS fingerprinting rely solely upon ICMP
>leakage? I'd thought I saw a number of papers that related to OS
>detection from the eccentricities of TCP/IP stacks of the various OS',
>like papers by Fyodor, documented in Phrack, etc.
>
>
>Thanks,
>
>Ron DuFresne
>
>
>On Sun, 17 Oct 2004, Frank de Wit wrote:
>
>
>
>>I thought I asked a question; the answer 'yes' should have been
>>sufficient ;-)
>>Just joking, let's ask two other questions:
>>-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
>>-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
>>I might be wrong, but:
>>a) do you still think ICMP is a good thing in relation to security (by
>>obscurity)?
>>b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
>>
>>Hojje, Frank
>>
>>Willem Koenings wrote:
>>
>>
>>
>>>
>>>
>>>
>>>>are they?
>>>>do you remember 'firewalking'?
>>>>
>>>>
>>>>
>>>>
>>>sorry, but firewalking is not an icmp-only technique and doesn't
>>>use the full range of icmp types/codes.
>>>by firewalking you use tcp or udp packets (depends, which
>>>protocol acl you want to study) with one bigger TTL than
>>>target and monitor results via icmp type 11.
>>>
>>>if you are really afraid of firewalking, then instead of closing
>>>down all icmp you can close down only type 11. and nat
>>>firewall protects you from firewalking anyway.
>>>
>>>what i want to say? blindly closing down things is easiest
>>>thing to do. but doing so you are not on the top of the problem
>>>and you don't control things. get down to the problem and fix
>>>things. there's one too many black hole routers in the world
>>>and availability is also a security attribute.
>>>
>>>all the best,
>>>
>>>W.
>>>
>>>
>>>
>>>
>
>
>
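
An added example, not part of the original thread: a minimal nftables ruleset sketching the targeted approach Willem Koenings describes (stop only ICMP type 11 from leaving the perimeter instead of closing down all ICMP). The interface name "wan0" and the table name are assumptions; destination-unreachable is left open so path MTU discovery keeps working and the firewall does not become one of the black hole routers he mentions.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Assumptions: "wan0" is the Internet-facing interface,
# and this table sits alongside whatever filter policy the firewall already has.
# A drop here is final; an accept still passes through the other tables.

table inet perimeter_icmp {

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Blanket approach argued against in the thread (also kills
        # "fragmentation needed" and creates PMTUD black holes):
        #   meta l4proto icmp drop

        # Targeted approach: routers and hosts behind this firewall do not
        # return ICMP type 11 (time exceeded) to the Internet. The counter
        # shows how often TTL-expiry replies were about to leave.
        oifname "wan0" icmp type time-exceeded counter drop

        # Keep ICMP type 3 (destination unreachable) coming in, which
        # includes code 4 "fragmentation needed" used by path MTU discovery.
        iifname "wan0" icmp type destination-unreachable counter accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Same rule for type 11 replies generated by the firewall itself.
        oifname "wan0" icmp type time-exceeded counter drop
    }
}
```

Loading it with `nft -f` and watching the counters with `nft list table inet perimeter_icmp` shows whether TTL-expiry replies are being generated toward the outside at all; note that dropping them also hides these hops from legitimate traceroutes run from the Internet.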