Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: Borderware Ping Server

RE: Borderware Ping Server

From: Matthew Kirkwood <matthew_at_hairy.beasts.org>
Date: Wed, 17 Oct 2001 14:59:07 +0100 (BST)

On Tue, 16 Oct 2001, Ofir Arkin wrote:

> This is not only the question of ping of death. There is also a very
> important issue of how this ping server/proxy validates that the
> requests sent and received are truly genuine ICMP echo requests and
> replies. Especially data in the data portion of the ICMP echo request
> and reply, message length and other gizmos.

Were I writing such a proxy, I'd construct a new ping packet and
send that. That way, there's no risk of it beind used as a covert
channel.

Of course, doing all this is userspace does decrease the value of
ping, as it won't be much use for anything but "is the host
alive?", but I think that's probably not unreasonable.

Matthew.

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Oct 18 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]