ICMP Usage in Scanning, page 35. Copyright © Ofir Arkin, 2000, http://www.sys-security.com

7.2.6 ICMP Fragmentation Reassembly Time Exceeded (Type 11 Code 1)

By blocking this ICMP type we eliminate the use of a host detection technique that sends only a few fragments from a fragmented datagram and forces the probed host to send back an ICMP Fragmentation Reassembly Time Exceeded error message, revealing its existence.

7.2.7 ICMP Parameter Problem

We have demonstrated that host detection can be performed with packets carrying bad IP headers, which elicit various ICMP Parameter Problem and ICMP Destination Unreachable error messages from the probed machines.

7.2.8 ICMP Time Stamp Request & Reply

Time Stamp requests and replies can be used for host detection and inverse mapping.

7.2.9 ICMP Address Mask Request and Reply

Address Mask requests and replies can be used for host detection and inverse mapping.

7.2.10 The Liability Question

No system administrator or network administrator wants to be held liable for an attack generated from their network by an abusive user (or by a malicious computer attacker using a compromised system within the network). Therefore blocking some types of ICMP traffic from the protected network to the outside world is recommended for liability reasons:

o Destination Unreachable Codes 2-4
  o ICMP Destination Unreachable error messages with codes 2-4 ("Port Unreachable", "Protocol Unreachable" and "Fragmentation Needed and DF Flag was Set") are a group of messages that signal hard error conditions and, when received, should terminate a connection. This allows an attacker to send fake Destination Unreachable codes 2-4 to terminate valid connections between the attacked target and other hosts. Old TCP/IP implementations terminate TCP connections when receiving those error messages. Modern TCP/IP implementations no longer terminate a TCP connection when receiving those error messages.
o Source Quench messages
  o Since hosts still react to Source Quenches by slowing communication, they can be used as a denial-of-service measure.
o Redirect messages
  o If you can forge ICMP Redirect packets, and if your target host pays attention to them, ICMP Redirects may be employed for denial-of-service attacks, where a host is sent a route that loses its connectivity, or is sent an ICMP Network Unreachable packet telling it that it can no longer access a particular network.

This means that all outbound ICMP traffic should be disallowed.
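The following Python program is an added example, not part of the paper, that turns the filtering advice of sections 7.2.6 through 7.2.10 into a checkable policy: inbound it drops the messages the paper ties to host detection and inverse mapping (Time Exceeded code 1, Parameter Problem, Time Stamp and Address Mask requests/replies), outbound it drops the liability cases (Destination Unreachable codes 2-4, Source Quench, Redirect), and a flag applies the paper's stricter conclusion of dropping all outbound ICMP. The names Direction, policy_verdict, parse_icmp_header, make_icmp and checksum are the example's own, the type and code numbers are the standard RFC 792 / RFC 950 values, and the ICMP headers fed to the policy are constructed in the program rather than captured from a network.

```python
import struct
from enum import Enum


class Direction(Enum):
    INBOUND = "inbound"    # from the outside world toward the protected network
    OUTBOUND = "outbound"  # from the protected network toward the outside world


# ICMP type numbers from RFC 792 and RFC 950
ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4
ICMP_REDIRECT = 5
ICMP_TIME_EXCEEDED = 11
ICMP_PARAMETER_PROBLEM = 12
ICMP_TIMESTAMP_REQUEST = 13
ICMP_TIMESTAMP_REPLY = 14
ICMP_ADDRESS_MASK_REQUEST = 17
ICMP_ADDRESS_MASK_REPLY = 18

# Inbound: messages the paper links to host detection / inverse mapping (7.2.6-7.2.9).
# Entries are (type, code); a code of None matches every code of that type.
INBOUND_BLOCK = {
    (ICMP_TIME_EXCEEDED, 1),           # fragment reassembly time exceeded
    (ICMP_PARAMETER_PROBLEM, None),
    (ICMP_TIMESTAMP_REQUEST, None),
    (ICMP_TIMESTAMP_REPLY, None),
    (ICMP_ADDRESS_MASK_REQUEST, None),
    (ICMP_ADDRESS_MASK_REPLY, None),
}

# Outbound: the liability cases named in 7.2.10.
OUTBOUND_BLOCK = {
    (ICMP_DEST_UNREACH, 2),  # protocol unreachable
    (ICMP_DEST_UNREACH, 3),  # port unreachable
    (ICMP_DEST_UNREACH, 4),  # fragmentation needed and DF set
    (ICMP_SOURCE_QUENCH, None),
    (ICMP_REDIRECT, None),
}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp_header(raw: bytes):
    """Return (type, code) from an ICMP message: type (1 byte), code (1 byte), checksum (2 bytes), 4 type-specific bytes."""
    if len(raw) < 8:
        raise ValueError("ICMP header is 8 bytes; got %d" % len(raw))
    icmp_type, icmp_code = struct.unpack("!BB", raw[:2])
    return icmp_type, icmp_code


def _matches(rule_set, icmp_type, icmp_code):
    return (icmp_type, None) in rule_set or (icmp_type, icmp_code) in rule_set


def policy_verdict(direction: Direction, raw: bytes, block_all_outbound: bool = False) -> str:
    """Return "DROP" or "ACCEPT" for one ICMP message travelling in the given direction.

    block_all_outbound=True applies the paper's conclusion that all outbound ICMP is disallowed;
    False keeps only the three liability categories it lists explicitly."""
    icmp_type, icmp_code = parse_icmp_header(raw)
    if direction is Direction.INBOUND:
        return "DROP" if _matches(INBOUND_BLOCK, icmp_type, icmp_code) else "ACCEPT"
    if block_all_outbound or _matches(OUTBOUND_BLOCK, icmp_type, icmp_code):
        return "DROP"
    return "ACCEPT"


def make_icmp(icmp_type: int, icmp_code: int, rest: bytes = b"\x00\x00\x00\x00") -> bytes:
    """Build a constructed 8-byte ICMP header with a correct checksum (sample input, not captured traffic)."""
    body = struct.pack("!BBH", icmp_type, icmp_code, 0) + rest
    return struct.pack("!BBH", icmp_type, icmp_code, checksum(body)) + rest


def run_samples():
    """Evaluate a handful of constructed messages; returns the verdicts as a list."""
    cases = [
        (Direction.INBOUND, make_icmp(ICMP_TIME_EXCEEDED, 1), False),       # reassembly timeout probe
        (Direction.INBOUND, make_icmp(ICMP_TIME_EXCEEDED, 0), False),       # plain TTL expiry (traceroute)
        (Direction.INBOUND, make_icmp(ICMP_TIMESTAMP_REQUEST, 0), False),
        (Direction.INBOUND, make_icmp(8, 0), False),                         # echo request, not in scope here
        (Direction.OUTBOUND, make_icmp(ICMP_DEST_UNREACH, 3), False),       # port unreachable leaking out
        (Direction.OUTBOUND, make_icmp(ICMP_DEST_UNREACH, 0), False),       # net unreachable, not listed
        (Direction.OUTBOUND, make_icmp(0, 0), True),                         # echo reply under strict policy
    ]
    return [policy_verdict(d, raw, strict) for d, raw, strict in cases]


if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```

The verdicts for the constructed samples above come out as DROP, ACCEPT, DROP, ACCEPT, DROP, ACCEPT, DROP, which matches the text: a reassembly-timeout probe is dropped inbound while an ordinary TTL expiry passes, a Port Unreachable is dropped outbound while a Network Unreachable (not among codes 2-4) passes, and the strict flag drops even an echo reply.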