To error is human -- to blame the computer is even more so.

On Wed, 2 Jul 2003, Chad wrote:

> We received a notification today, from a company that checks our network for
> vulnerabilities, that the web servers we host are vulnerable to HPing
> (http://www.hping.org/). The company stated that using this tool it is
> possible to ping the box via port 80 and thus open to service denial
> attacks (?!). Even do traceroutes etc. Has anybody had any experience with
> this, and more importantly, how would one go about blocking this type of
> "ping"?

Chad,

First of all, ICMP, which ping is part of, does not have a src or dst port,
so if the company that checks your network actually said "it is possible
to ping your box via port 80" I would ask them to clarify themselves, and
if they still persist that you are being pinged (a.k.a. echo request,
ICMP type 8) on port 80 I would suggest you give your money to someone else.
Maybe me if you want? :)

I don't know how hping works, but what they might mean is that they can scan
port 80 with a SYN TCP/IP packet and see if the box has a web server. This
basically means that they can see if your web server is there by partially
connecting to it. I don't see how you can stop this from happening though.
It seems like an innate part of having a service for the public to view.
Maybe somebody on the list can let me know why this is a denial of service
problem? SYN flooding is the only thing I can think of, but I believe most
modern kernels (at least for Linux; I don't know about Windows) have
the ability to see these and try to stop them.

To solve your ping problem,

block type 8 (echo request) ICMP packets at your firewall. This will stop
people from being able to ping you; whether this is a good or bad thing is
up for debate. I personally don't like to disable echo requests, but I don't
run a company either, just a 4 computer network.

You should also block type 5 ICMP, which are redirects, at your firewall
just for good policy. I do block these.

There might be a few more also.

Good luck, hope I didn't confuse you more.

john fastabend
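The two technical points in John's reply (ICMP carries no port fields, so "ping on port 80" is really a TCP SYN probe, and the firewall policy of dropping ICMP type 8 and type 5) can be seen directly on the wire. The following is an added example written for this page; it is not code from the mail, from hping, or from anyone on the list. It builds constructed packets (addresses from the RFC 5737 documentation ranges, checksums left zero, so nothing here is a real capture), decodes them with Python's standard library, and applies the stated policy. The function names and the `firewall_decision` policy are this example's own.

```python
import socket
import struct

PROTO_ICMP, PROTO_TCP = 1, 6

# All packets below are constructed in-script for illustration; the addresses
# come from the RFC 5737 documentation ranges and are not real hosts.

def ipv4_header(proto, src, dst, payload_len):
    """Minimal 20-byte IPv4 header (no options, checksum left as zero)."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icmp_echo_request(ident=1, seq=1):
    """ICMP type 8 code 0: type, code, checksum, identifier, sequence.
    There is no port field anywhere in this header."""
    return struct.pack("!BBHHH", 8, 0, 0, ident, seq)

def icmp_redirect(gateway="192.0.2.1"):
    """ICMP type 5 code 1 (redirect for host): type, code, checksum, gateway."""
    return struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton(gateway))

def tcp_syn(sport, dport):
    """Minimal 20-byte TCP header with only the SYN flag set, i.e. the first
    half of a normal connection attempt; this is what a port 80 probe looks like."""
    offset_and_flags = (5 << 12) | 0x002
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_and_flags, 65535, 0, 0)

def parse_packet(raw):
    """Decode the IPv4 header and whichever transport header follows it."""
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    body = raw[(ver_ihl & 0x0F) * 4:]
    pkt = {"proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    if proto == PROTO_ICMP:
        icmp_type, code = struct.unpack("!BB", body[:2])
        pkt.update(type=icmp_type, code=code)          # only type/code, no ports
    elif proto == PROTO_TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", body[:14])
        pkt.update(sport=sport, dport=dport, flags=off_flags & 0x1FF)
    return pkt

def firewall_decision(pkt):
    """The policy from the mail: drop echo requests (type 8) and redirects
    (type 5) at the edge. A bare SYN to the public web port is what every
    legitimate client sends first, so it is accepted."""
    if pkt["proto"] == PROTO_ICMP and pkt.get("type") in (8, 5):
        return "DROP"
    return "ACCEPT"

def sample_packets():
    """Constructed traffic from a scanner host toward the hosted web server."""
    scanner, webserver = "198.51.100.7", "203.0.113.10"
    return {
        "echo": ipv4_header(PROTO_ICMP, scanner, webserver, 8) + icmp_echo_request(),
        "redirect": ipv4_header(PROTO_ICMP, scanner, webserver, 8) + icmp_redirect(),
        "syn80": ipv4_header(PROTO_TCP, scanner, webserver, 20) + tcp_syn(40123, 80),
    }

if __name__ == "__main__":
    for name, raw in sample_packets().items():
        pkt = parse_packet(raw)
        print(f"{name:9} {pkt} -> {firewall_decision(pkt)}")
```

Running it shows the decoded ICMP packets carry only `type`/`code` while the TCP packet carries `sport`/`dport`, which is why a scanner "pinging port 80" is really sending a SYN; the policy drops the two ICMP types named in the mail and, as John says, leaves the SYN alone because refusing it would also refuse real browsers.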

