Security Basics mailing list archives

Re: Network scanning


From: "himicos" <himicos () freemail gr>
Date: Wed, 13 Aug 2003 21:58:59 +0300


One thing that you could do is use a tool that would send an ICMP
packet to all possible addresses in your particular network.  That
won't detect all connecting hosts, in particular if someone jacks in
to sniff only, but that assumes that your network is hub based.  If
your network is switch based then people will have a hard time
logging in and sniffing without being detected as they'd normally
have to ARP poison the switch or do something else that would be
detectable.


So... the simple 99% answer is, ping all possible IP addresses once,
if you get a response from an address that's not supposed to be
there... well... then you'll know.

Also, if you use DHCP then you could watch the DHCP log for new
systems... that's not super difficult either.

Well, being a newbie, this forces me to ask:
 If this imaginary attacker raises a firewall with a simple ruleset like (not
exact iptables syntax):

input --protocol any  -j ACCEPT
output --protocol any -j DROP

and to be paranoid add this:

input --protocol icmp -j DROP

In iptables, if I am correct, the target DROP causes the packet to be silently
dropped. Then this would remedy the ICMP approach, correct??




----------------------------------------------------------------------------
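An added example, not part of the original post: the DHCP-log check suggested above, cross-referenced with the results of the ping sweep, so that a host which takes a lease is reported even when it drops ICMP. It assumes ISC dhcpd syslog lines; the function name, log lines, MAC inventory and sweep results are constructed for illustration.

```python
import re

# Assumption: ISC dhcpd syslog format,
#   "... dhcpd: DHCPACK on <ip> to <mac> (<hostname>) via <iface>"
ACK_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))?"
)

# Constructed sample data: asset inventory, ping-sweep responders, log excerpt.
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
PING_RESPONDERS = {"192.168.1.10", "192.168.1.11"}
SAMPLE_LOG = """\
Aug 13 21:40:02 gw dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Aug 13 21:40:03 gw dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 (ws-accounts) via eth0
Aug 13 21:41:17 gw dhcpd: DHCPACK on 192.168.1.11 to 00:11:22:33:44:66 via eth0
Aug 13 21:52:40 gw dhcpd: DHCPACK on 192.168.1.57 to 00:0C:29:AB:CD:EF (laptop) via eth0
Aug 13 21:58:01 gw dhcpd: DHCPACK on 192.168.1.57 to 00:0c:29:ab:cd:ef (laptop) via eth0
"""


def unknown_leases(log_text, known_macs, ping_responders):
    """Return one finding per leased MAC that is not in the inventory."""
    known = {m.lower() for m in known_macs}
    findings = {}
    for line in log_text.splitlines():
        match = ACK_RE.search(line)
        if not match:
            continue  # not a lease acknowledgement
        mac = match.group("mac").lower()  # logs may mix upper and lower case
        if mac in known or mac in findings:
            continue  # inventoried host, or a renewal already reported
        ip = match.group("ip")
        findings[mac] = {
            "mac": mac,
            "ip": ip,
            "hostname": match.group("host") or "",
            # False means the host holds a lease but did not answer the sweep
            "answers_ping": ip in ping_responders,
        }
    return list(findings.values())


if __name__ == "__main__":
    for f in unknown_leases(SAMPLE_LOG, KNOWN_MACS, PING_RESPONDERS):
        note = "answers ping" if f["answers_ping"] else "silent to ping"
        print(f'{f["mac"]} {f["ip"]} {f["hostname"] or "-"} ({note})')
```

A host configured with a static address never requests a lease, so it will not appear in this log at all.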

