RE: HPing?

2003-07-07 Thread Chad
Thanks allot to everyone who responded, it's been a great help. In conclusion, unless these guys can provide some proof that the web server can actually be compromised via HTTP Port 80 using HPing, I'll be of the opinion that it may just be another way to try and sell us more services. Surf

RE: HPing?

2003-07-04 Thread David Gillett
PROTECTED] [mailto:[EMAIL PROTECTED] Sent: July 3, 2003 00:07 To: Chad Cc: [EMAIL PROTECTED] Subject: Re: HPing? To error is human -- to blame the computer is even more so. On Wed, 2 Jul 2003, Chad wrote: We received a notification today, from a company that checks our network

RE: HPing?

2003-07-03 Thread Mark McConnell
Well, being able to get hping through a firewall to web servers on TCP port 80 does not in itself indicate any kind of potential security flaw. Really, port 80 must be open on the firewall to get non-malicious traffic to the web server(s). Without having the details of their report I would

Re: HPing?

2003-07-03 Thread chayden
We received a notification today, from a company that checks our network for vulnerabilities, that the web servers we host are vulnerable to HPing (http://www.hping.org/). The company stated that using this tool it is possible to ping the box via port 80 and thus open to service denial

Re: HPing?

2003-07-03 Thread jfastabe
To error is human -- to blame the computer is even more so. On Wed, 2 Jul 2003, Chad wrote: We received a notification today, from a company that checks our network for vulnerabilities, that the web servers we host are vulnerable to HPing (http://www.hping.org/). The company stated that

Re: HPing?

2003-07-03 Thread Andrew Anderson
In-Reply-To: [EMAIL PROTECTED] HPing is a network penetration testing program, it can't be used to launch a service denal attack (unless he opens multiple connections from 1 PC to your webserver. You can protect yourself by blocking his IP at your firewall). Seems like a shady company to me

RE: HPing?

2003-07-03 Thread Trevor Cushen
Any company that does these sort of tests should include recommendations within the report they produce. The last time I used hping was to do what's called an idle host ping. It requires your host to be idle! To block the pings stop ICMP type traffic, fragmented packets should be stopped. An

Re: HPing?

2003-07-03 Thread Roberto Tanara
We received a notification today, from a company that checks our network for vulnerabilities, that the web servers we host are vulnerable to HPing (http://www.hping.org/). The company stated that using this tool it is possible to ping the box via port 80 and thus open to service denial