Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: ICMP Usage In Scanning - Research Paper
From: Ofir Arkin (ofirITCON-LTD.COM)
Date: Sat Jul 01 2000 - 17:42:09 CDT
- Next message: D. J. Bernstein: "Re: ftpd: the advisory version"
- Previous message: Alan J Rosenthal: "Re: WuFTPD: Providing *remote* root since at least1994"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have finished a research paper titled "ICMP usage in scanning". I think it
would be helpful for people to understand what can be done with ICMP, since
not all know this protocol's benefits/problems.
From the Intro:
"The Internet Control Message Protocol is one of the debate full protocols
in the TCP/IP protocol
suite regarding its security hazards. There is no consent between the
experts in charge for
securing Internet networks (Firewall Administrators, Network Administrators,
Administrators, Security Officers, etc.) regarding the actions that should
be taken to secure their network infrastructure in order to prevent those
In this paper I have tried to outline what can be done with the ICMP
protocol regarding scanning."
The paper deals with plain Host Detection techniques, Host Detection
techniques using ICMP error messages generated from probed hosts, Inverse
Mapping, Trace routing, OS finger printing methods with ICMP, and which ICMP
traffic should be filtered on a Filtering Device.
The paper (350k) can be downloaded from http://www.sys-security.com .