[LINK] DNS outage?

Kim Holburn kim at holburn.net
Wed Jul 29 17:43:33 AEST 2009


On 2009/Jul/29, at 1:40 AM, Rick Welykochy wrote:

> Stilgherrian wrote:
>
>> No, it just means ping is bocked. Traceroute uses ping. Pings don't
>> always get allowed through any more.
>
> More accurately, traceroute, ping and a host of other network  
> inspection
> tools use ICMP packets. And it is often a subset of ICMP that is
> blocked.

ping uses ICMP.  Traceroute can use a number of things but the default  
is UDP.

You can always use lft (layer four traceroute).  It can't be blocked  
in the same way.

>> block such attempts to do reconnaissance like that, for security
>> reasons, as someone said earlier.

Often ping is allowed for public servers.

> I suppose that host discovery is one of those concerns. Other linkers
> may be able to point to other security concerns and the reason that
> ICMP is being blocked. I certainly would like to know if this is
> over cautious. Sometimes I think this is the case.
>
> Have there been any exploits or attacks based on ICMP, for example?

DDoS, ping of death?

>
>
> cheers
> rickw
>
>
> -- 
> _________________________________
> Rick Welykochy || Praxis Services
>
> Age is an issue of mind over matter. If you don't mind, it doesn't  
> matter
>      -- Mark Twain
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request









More information about the Link mailing list