[15593] in bugtraq
ICMP Usage In Scanning - Research Paper
daemon@ATHENA.MIT.EDU (Ofir Arkin)
Sun Jul 2 14:23:44 2000
Date: Sun, 2 Jul 2000 00:42:09 +0200
Reply-To: Ofir Arkin <ofir@ITCON-LTD.COM>
From: Ofir Arkin <ofir@ITCON-LTD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I have finished a research paper titled "ICMP usage in scanning". I think it
would be helpful for people to understand what can be done with ICMP, since
not all know this protocol's benefits/problems.
From the Intro:
"The Internet Control Message Protocol is one of the debate-full protocols in the TCP/IP protocol suite regarding its security hazards. There is no consensus among the experts in charge of securing Internet networks (Firewall Administrators, Network Administrators, System Administrators, Security Officers, etc.) regarding the actions that should be taken to secure their network infrastructure in order to prevent those risks.

In this paper I have tried to outline what can be done with the ICMP protocol regarding scanning."
The paper deals with plain Host Detection techniques, Host Detection techniques using ICMP error messages generated from probed hosts, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
The paper (350k) can be downloaded from http://www.sys-security.com:
http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf
Cheers
Ofir Arkin