Security Incidents: RE: Should I be concerned about?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Should I be concerned about?

From: "Antonio Vasconcelos" <vasco () convex pt>
Date: Wed, 31 Oct 2001 18:38:39 +0000

At 13:16 2001.10.31 -0500, Mike Gilles wrote:

For any data to actually be transferred the packets would have to move up
the OSI model.  (e.g. start a TCP session) So, in short, no I wouldn't be
overly concerned with this traffic.


That's very, very WRONG...
If you can open a raw socket than you can send/receive data using ICMP.

As some types of ICMP are allowed to pass most firewalls (echo reply, ttlexceded, port/host/net unreachable, to name a few) they are a very goodmedium to transmit information.

I have no idea if the original poster should be converned about this one ornot, I just want to point out that ICMP _CAN_ be used as an informationtransfer medium.



----------
António Vasconcelos - ICQ #109994473 - Senior Network Management Support
CONVEX Portugal, Lda - T: +351-21-422-9200   F: +351-21-421-3787


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Should I be concerned about? Jose Carlos Faial (Oct 31)
- Re: Should I be concerned about? Blake Frantz (Oct 31)
- <Possible follow-ups>
- RE: Should I be concerned about? Mike Gilles (Oct 31)
  - RE: Should I be concerned about? Antonio Vasconcelos (Oct 31)
  - RE: Should I be concerned about? Lance Spitzner (Oct 31)