[LINK] DNS outage?
stil at stilgherrian.com
Wed Jul 29 10:02:10 AEST 2009
On 29/07/2009, at 9:40 AM, Rick Welykochy wrote:
>> block such attempts to do reconnaissance like that, for security
>> reasons, as someone said earlier.
> I suppose that host discovery is one of those concerns. Other linkers
> may be able to point to other security concerns and the reason that
> ICMP is being blocked. I certainly would like to know if this is
> over cautious. Sometimes I think this is the case.
> Have there been any exploits or attacks based on ICMP, for example?
That last bit is a question above my pay grade, but...

But ICMP can certainly be used to map and profile a network. You can,
for example, find out what specific version of an operating system
some box is running by sending a few well-crafted packets. Once you
know that, you can then better plan your attack. Blocking most of ICMP
means you close off that possibility for reconnaissance.

If you're talking REALLY secure, it's not about stopping just the
known exploits, but reducing the potential for exploits through
unknown vulnerabilities. Allow ONLY the packets necessary to provide
the service and block everything else.

People who do infosec for a living may well shoot holes in what I just
said. Please, clarify.

Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 9516 5630
ABN 25 231 641 421
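
Added example, not part of the original post: a default-deny ICMP filter of the "allow only what is necessary" kind described above, which validates each message and accepts only allowlisted types. The allowlist contents (types 3 and 11, kept because ordinary TCP/UDP traffic relies on them, e.g. path MTU discovery) and the sample packets are assumptions constructed for illustration.

```python
import struct

# Assumed allowlist (not from the post): ICMP error messages that normal
# traffic depends on. Every other type is dropped by default.
ALLOWED_TYPES = {
    3: "destination unreachable (code 4 is needed for path MTU discovery)",
    11: "time exceeded",
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample ICMP message with a valid checksum."""
    body = bytes(4) + payload  # 4 bytes of type-specific header, zeroed
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def decide(packet: bytes) -> str:
    """Default deny: accept only well-formed messages of allowlisted types."""
    if len(packet) < 8:
        return "drop: truncated"
    if checksum(packet) != 0:  # a valid message sums to zero
        return "drop: bad checksum"
    icmp_type = packet[0]
    if icmp_type in ALLOWED_TYPES:
        return "accept"
    return "drop: not on allowlist"

if __name__ == "__main__":
    # Constructed samples: echo request, frag-needed, timestamp request,
    # address mask request, time exceeded.
    samples = [build(8, 0, b"ping"), build(3, 4), build(13, 0, bytes(12)),
               build(17, 0), build(11, 0)]
    for pkt in samples:
        print("type=%-2d code=%d -> %s" % (pkt[0], pkt[1], decide(pkt)))
```

Dropping type 3 along with everything else is the usual way a "block all ICMP" rule breaks connectivity, which is why the allowlist keeps it.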