Re: ICMP (Ping)

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2003-09-04 freeasabird_13 () gmx net wrote:
> > I don't think so. Not responding to ICMP echo-requests won't make you
> > invisible. Whenever a ping does not return "host unreachable" you
> > know there *is* something with that address.
>
> For the record, I never said nor implied that not responding to pings
> would make one's internet presence "invisible".  I merely said/implied
> that it would make your presence less obvious, which it simply would.

I still don't agree. When doing a scan to find potential targets,
addresses you don't get echo-replies from are screaming out "yes, I am
here and I don't want you to know" to anyone who has at least a basic
understanding of how IP works. In fact I would consider those as primary
targets, since something worth hiding may be something worth getting. I
fail to see how this would make your presence less obvious. Am I missing
something?

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------