[LINK] DNS outage?
Kim Holburn
kim at holburn.net
Wed Jul 29 17:43:33 AEST 2009
On 2009/Jul/29, at 1:40 AM, Rick Welykochy wrote:
> Stilgherrian wrote:
>
>> No, it just means ping is bocked. Traceroute uses ping. Pings don't
>> always get allowed through any more.
>
> More accurately, traceroute, ping and a host of other network
> inspection
> tools use ICMP packets. And it is often a subset of ICMP that is
> blocked.
ping uses ICMP. Traceroute can use a number of things but the default
is UDP.
You can always use lft (layer four traceroute). It can't be blocked
in the same way.
>> block such attempts to do reconnaissance like that, for security
>> reasons, as someone said earlier.
Often ping is allowed for public servers.
> I suppose that host discovery is one of those concerns. Other linkers
> may be able to point to other security concerns and the reason that
> ICMP is being blocked. I certainly would like to know if this is
> over cautious. Sometimes I think this is the case.
>
> Have there been any exploits or attacks based on ICMP, for example?
DDoS, ping of death?
>
>
> cheers
> rickw
>
>
> --
> _________________________________
> Rick Welykochy || Praxis Services
>
> Age is an issue of mind over matter. If you don't mind, it doesn't
> matter
> -- Mark Twain
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list