Want to share this with you. Could be usefull. -Mak -------- Original Message -------- Subject: ICMP Usage In Scanning - Research Paper Date: Sun, 2 Jul 2000 00:42:09 +0200 From: Ofir Arkin <[EMAIL PROTECTED]> Reply-To: Ofir Arkin <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] I have finished a research paper titled "ICMP usage in scanning". I think it would be helpful for people to understand what can be done with ICMP, since not all know this protocol's benefits/problems. >From the Intro: "The Internet Control Message Protocol is one of the debate full protocols in the TCP/IP protocol suite regarding its security hazards. There is no consent between the experts in charge for securing Internet networks (Firewall Administrators, Network Administrators, System Administrators, Security Officers, etc.) regarding the actions that should be taken to secure their network infrastructure in order to prevent those risks. In this paper I have tried to outline what can be done with the ICMP protocol regarding scanning." The paper deals with plain Host Detection techniques, Host Detection techniques using ICMP error messages generated from probed hosts, Inverse Mapping, Trace routing, OS finger printing methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device. The paper (350k) can be downloaded from http://www.sys-security.com . http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf . Cheers Ofir Arkin ___________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
