lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0410180117140.27276-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: ICMP (was: daily internet traffic report)

Frank,

Question back at you sir;  Does OS fingerprinting rely soley upon ICMP
leakage?  I'd thought I saw a number of papers that related to OS
detection from the incentricities of TCP/IP stacks of the various OS',
like papers by Fydor, documented in phrack, etc.


Thanks,

Ron DuFresne


On Sun, 17 Oct 2004, Frank de Wit wrote:

> I thought I asked a question ; the answer 'yes' should have been
> sufficient ;-)
> Just joking, let's ask two other questions:
> -when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
> -and you see tools like Xprobe and a lot of other OS-fingerprinting tools
> I might be wrong, but:
> a) do you still think ICMP is a good thing in relation to security (by
> obscurity)?
> b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
>
> Hojje, Frank
>
> Willem Koenings wrote:
>
> >
> >
> >
> >>are they?
> >>do you remember 'firewalking'?
> >>
> >>
> >
> >sorry, but firewalking is not icmp-only technique and don't
> >use full range of icmp types/codes.
> >by firewalking you use tcp or udp packets (depends, which
> >protocol acl you want to study) with one bigger TTL than
> >target and monitor results via icmp type 11.
> >
> >if you really afraid firewalking, then instead of closing
> >down all icmp you can close down only type 11. and nat
> >firewall protects you from firewalking anyway.
> >
> >what i want to say? blindly closing down things is easiest
> >thing to do. but doing so you are not on the top of the problem
> >and you don't control things. get down to the problem and fix
> >things. there's one too many black hole routers in the world
> >and availability is also an security attribute.
> >
> >al the best,
> >
> >W.
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ