5245927 2000-07-02 21:12 /47 lines/ Postmaster
Recipient: Bugtraq (import) <11556>
Subject: ICMP Usage In Scanning - Research Paper
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1255"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: Normal
Message-ID: <FNEAICGJJOCNGPFNHFONKEMMCBAA.ofir@itcon-ltd.com>
Date: Sun, 2 Jul 2000 00:42:09 +0200
Reply-To: Ofir Arkin <ofir@ITCON-LTD.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Ofir Arkin <ofir@ITCON-LTD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

I have finished a research paper titled "ICMP usage in scanning".

I think it would be helpful for people to understand what can be done
with ICMP, since not all know this protocol's benefits/problems.

From the Intro:

"The Internet Control Message Protocol is one of the debate full
protocols in the TCP/IP protocol suite regarding its security hazards.
There is no consent between the experts in charge for securing Internet
networks (Firewall Administrators, Network Administrators, System
Administrators, Security Officers, etc.) regarding the actions that
should be taken to secure their network infrastructure in order to
prevent those risks. In this paper I have tried to outline what can be
done with the ICMP protocol regarding scanning."

The paper deals with plain Host Detection techniques, Host Detection
techniques using ICMP error messages generated from probed hosts,
Inverse Mapping, Trace routing, OS finger printing methods with ICMP,
and which ICMP traffic should be filtered on a Filtering Device.

The paper (350k) can be downloaded from http://www.sys-security.com .
http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf .

Cheers

Ofir Arkin
(5245927) ------------------------------------------(Rewrapped)