So, what computer do you blame for not following the supplied link to http://www.hping.org to learn what HPing does?
"hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features."

(I assume it's inspired *BY* ping, and sends files through "covert" channels....)

David Gillett

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: July 3, 2003 00:07
> To: Chad
> Cc: [EMAIL PROTECTED]
> Subject: Re: HPing?
>
> To error is human -- to blame the computer is even more so.
>
> On Wed, 2 Jul 2003, Chad wrote:
>
> > We received a notification today, from a company that checks our network for
> > vulnerabilities, that the web servers we host are vulnerable to HPing
> > (http://www.hping.org/). The company stated that using this tool it is
> > possible to ping the box via port 80 and thus open to service denial
> > attacks(?!). Even do trace routes etc. Has anybody had any experience with
> > this, and more importantly, how would one go about blocking this type of
> > "ping"?
>
> Chad,
>
> First of all ICMP, which ping is part of, does not have a src or dst port,
> so if the company that checks your network actually said "it is possible
> to ping your box via port 80" I would ask them to clarify themselves, and
> if they still persist that you are being pinged (aka echo request,
> ICMP type 8) on port 80 I would suggest you give your money to someone else.
> Maybe me if you want? :)
>
> I don't know how hping works, but what they might mean is that they can scan
> port 80 with a SYN TCP/IP packet and see if the box has a web server. This
> basically means that they can see if your web server is there by partially
> connecting to it. I don't see how you can stop this from happening though.
> It seems like an innate part of having a service for the public to view.
> Maybe somebody on the list can let me know why this is a denial of service
> problem? SYN flooding is the only thing I can think of, but I believe most
> modern kernels (at least for Linux, I don't know about Windows) have
> the ability to see these and try to stop them.
>
> To solve your ping problem,
>
> block type 8 (echo requests) ICMP packets at your firewall. This will stop
> people from being able to ping you; whether this is a good or bad thing is
> up for debate. I personally don't like to disable echo requests, but I don't
> run a company either, just a 4 computer network.
>
> You should also block type 5 ICMP, which are redirections, at your firewall
> just for good policy. I do block these.
>
> There might be a few more also.
>
> Good luck, hope I didn't confuse you more.
>
> john fastabend
>
> ---------------------------------------------------------------------------
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> ----------------------------------------------------------------------------
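An added example (not from the thread, and not hping's own code) that makes John's two points concrete: an ICMP header carries a type and a code but no ports, so "ping on port 80" is not a meaningful claim, while a TCP SYN to port 80 is exactly the traffic a public web server has to accept. The code builds a few raw IPv4/ICMP/TCP packets inline, parses them back, and applies the policy from the reply (drop ICMP type 8 echo requests and type 5 redirects). The addresses, the scanner source ports and the choice of port 80 as the only published service are assumptions made for the example; nothing is sent on the network.

```python
# Added example, not part of the original thread or of hping itself.
# Toy border-firewall classifier for the policy described in the reply:
# drop ICMP echo requests (type 8) and ICMP redirects (type 5), accept TCP
# to the published web port. Packets are constructed inline; the addresses
# and port numbers are assumptions for the example.
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, Optional, Tuple

IPPROTO_ICMP = 1
IPPROTO_TCP = 6
ICMP_ECHO_REPLY = 0
ICMP_REDIRECT = 5
ICMP_ECHO_REQUEST = 8
TCP_SYN = 0x02

# Policy from the thread: block echo requests and redirects at the firewall.
BLOCKED_ICMP_TYPES = {ICMP_ECHO_REQUEST, ICMP_REDIRECT}
# Assumption for the example: port 80 is the only published service.
PUBLIC_TCP_PORTS = {80}


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    icmp_type: Optional[int] = None   # set only for ICMP
    icmp_code: Optional[int] = None
    sport: Optional[int] = None       # set only for TCP: ICMP has no ports
    dport: Optional[int] = None
    tcp_flags: Optional[int] = None


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def build_icmp(icmp_type: int, code: int = 0) -> bytes:
    """ICMP header: type, code, checksum (zeroed), 4 bytes rest-of-header."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """TCP header with no options: seq/ack zero, data offset 5 words."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def parse(raw: bytes) -> Packet:
    """Decode the IPv4 header and the ICMP or TCP header that follows it."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    body = raw[(ver_ihl & 0x0F) * 4:]
    pkt = Packet(str(IPv4Address(src)), str(IPv4Address(dst)), proto)
    if proto == IPPROTO_ICMP:
        pkt.icmp_type, pkt.icmp_code = struct.unpack("!BB", body[:2])
    elif proto == IPPROTO_TCP:
        pkt.sport, pkt.dport, _, _, _, pkt.tcp_flags = struct.unpack("!HHIIBB", body[:14])
    return pkt


def decide(pkt: Packet) -> Tuple[str, str]:
    """Return ('drop' | 'accept', reason) for one inbound packet."""
    if pkt.proto == IPPROTO_ICMP:
        if pkt.icmp_type in BLOCKED_ICMP_TYPES:
            return "drop", f"icmp type {pkt.icmp_type} blocked by policy"
        return "accept", f"icmp type {pkt.icmp_type} allowed"
    if pkt.proto == IPPROTO_TCP:
        if pkt.dport in PUBLIC_TCP_PORTS:
            kind = "SYN probe" if pkt.tcp_flags == TCP_SYN else "segment"
            return "accept", f"{kind} to public port {pkt.dport}"
        return "drop", f"tcp to unpublished port {pkt.dport}"
    return "drop", f"protocol {pkt.proto} not allowed"


def sample_packets() -> Dict[str, bytes]:
    """Constructed inbound packets: scanner 198.51.100.7 -> web host 203.0.113.10."""
    scanner, host = "198.51.100.7", "203.0.113.10"
    return {
        "ping": build_ipv4(scanner, host, IPPROTO_ICMP, build_icmp(ICMP_ECHO_REQUEST)),
        "redirect": build_ipv4(scanner, host, IPPROTO_ICMP, build_icmp(ICMP_REDIRECT, 1)),
        "echo_reply": build_ipv4(scanner, host, IPPROTO_ICMP, build_icmp(ICMP_ECHO_REPLY)),
        "syn_80": build_ipv4(scanner, host, IPPROTO_TCP, build_tcp(40000, 80, TCP_SYN)),
        "syn_22": build_ipv4(scanner, host, IPPROTO_TCP, build_tcp(40001, 22, TCP_SYN)),
    }


if __name__ == "__main__":
    for name, raw in sample_packets().items():
        pkt = parse(raw)
        verdict, why = decide(pkt)
        # ICMP rows print ports=None->None: there is no port field to block on.
        print(f"{name:10} ports={pkt.sport}->{pkt.dport} {verdict:6} {why}")
```

The SYN to port 80 is what a scanner such as hping would send to check whether the web server is listening; the classifier accepts it because that is the published service, which is John's point that this probe cannot be blocked without taking the site offline. The echo request and the redirect are dropped purely on ICMP type, and the echo reply is left alone so the host's own outbound pings still work.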
