Security Incidents
mailing list archives
Re: ICMP Scan
From: Bill Weiss <houdini () clanspum net>
Date: Tue, 23 Mar 2004 17:28:48 +0000
tim logan(seclists () getemail net)@Tue, Mar 23, 2004 at 10:03:39AM -0600:
> I saw this traffic last night on an IDS system inside a firewall. Can
> somebody shed some light on it? It looks to me like the purpose is to
> determine the number of hops to the host in question. If it is, what
> would be the purpose?
[decrementing TTL]
Looks like a traceroute, with slightly different options. Firewalk?
Traceroute normally increments the TTL, but the effect would be mostly the
same.
--
Bill Weiss
When the government fears the people, it is liberty.
When the people fear the government, it is tyranny.
-- Thomas Paine
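
The reply above notes that a stepwise TTL change in ICMP traffic looks like a traceroute-style sweep whether the TTL goes up or down. The following is an added example, not part of the original thread, of how an analyst could flag such sweeps in IDS records; the record layout, the `min_run` threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def _flow(src, dst, proto, ttls, start=0.0):
    """Build constructed sample records: (time, src, dst, protocol, TTL at sensor)."""
    return [(start + i * 0.1, src, dst, proto, t) for i, t in enumerate(ttls)]

# Constructed sample data (documentation address ranges), not from the post.
SAMPLE = (
    _flow("192.0.2.10", "198.51.100.5", "icmp", [12, 12, 11, 11, 10, 9, 8])
    + _flow("192.0.2.20", "198.51.100.5", "icmp", [3, 3, 3, 4, 5, 6, 7], 0.05)
    + _flow("192.0.2.30", "198.51.100.5", "icmp", [57, 57, 57, 57], 0.02)  # plain ping
    + _flow("192.0.2.40", "198.51.100.5", "tcp", [9, 8, 7, 6, 5], 0.03)    # ignored
)

def classify_ttl_sweeps(records, min_run=4):
    """Map (src, dst) -> 'incrementing' or 'decrementing' for ICMP flows whose
    observed TTL changes by exactly one per step for at least min_run values."""
    flows = defaultdict(list)
    for _ts, src, dst, proto, ttl in sorted(records):
        if proto != "icmp":
            continue
        ttls = flows[(src, dst)]
        # Collapse repeated probes at the same TTL (several probes per hop).
        if not ttls or ttls[-1] != ttl:
            ttls.append(ttl)

    verdicts = {}
    for flow, ttls in flows.items():
        best = {1: 1, -1: 1}       # longest run seen per direction
        run_dir, run_len = 0, 1
        for prev, cur in zip(ttls, ttls[1:]):
            step = cur - prev
            if step in (1, -1) and step == run_dir:
                run_len += 1       # run continues in the same direction
            elif step in (1, -1):
                run_dir, run_len = step, 2   # new run starts
            else:
                run_dir, run_len = 0, 1      # jump breaks the run
            if run_dir:
                best[run_dir] = max(best[run_dir], run_len)
        if max(best.values()) >= min_run:
            verdicts[flow] = "decrementing" if best[-1] >= best[1] else "incrementing"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_ttl_sweeps(SAMPLE).items():
        print(flow, verdict)
```

The TTL values here are those seen at the sensor, so the absolute numbers depend on where the sensor sits; only the step pattern is used.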