ICMP Usage in Scanning
Copyright © Ofir Arkin, 2000
http://www.sys-security.com

ID:5721 Seq:1   ECHO
89 D7 8E 38 27 63 0B 00 08 09 0A 0B 0C 0D 0E 0F   ...8'c..........
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F   ................
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F    !"#$%&'()*+,-./
30 31 32 33 34 35 36 37                           01234567

01/26-13:16:25.746638 192.168.5.5 -> 192.168.5.1 ICMP TTL:255 TOS:0x0 ID:6072
ID:5721 Seq:1   ECHO REPLY
89 D7 8E 38 27 63 0B 00 08 09 0A 0B 0C 0D 0E 0F   ...8'c..........
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F   ................
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F    !"#$%&'()*+,-./
30 31 32 33 34 35 36 37                           01234567

[Figure 2: ICMP ECHO Request & Reply message format. Fields: Type, Code = 0, Checksum, Identifier, Sequence Number, Data...; bit positions 0, 4, 8, 16, 31.]

Countermeasure: Block ICMP ECHO requests coming from the Internet towards your network at your border router and/or firewall [5].

2.2 ICMP Sweep

Querying multiple hosts using ICMP ECHO is referred to as an ICMP Sweep (or Ping Sweep).

For a small to midsize network, Ping is an acceptable solution to this kind of host detection, but with large networks (such as a Class A, or a full Class B) this kind of scan is fairly slow, mainly because Ping waits for a reply (or for a timeout to be reached) from the probed host before proceeding to the next one.

fping [6] is a UNIX utility which sends parallel mass ECHO requests in a round robin fashion, enabling it to be significantly faster than the usual Ping utility. It can also be fed IP addresses by its accompanying tool, gping. gping is used to generate a list of IP addresses which is later fed into fping, directly or from a file, to perform the ICMP sweep. fping is also able to resolve the hostnames of the probed machines when the -d option is used.

Another UNIX tool that is capable of doing an ICMP sweep in parallel, resolving the hostnames of the probed machines, saving the results to a file and a lot more is NMAP [7], written by Fyodor.
[5] It is better to filter unwanted traffic at your border router, reducing traffic rates for your firewall.
[6] http://ftp.tamu.edu/pub/Unix/src/
[7] http://www.insecure.org
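A defender's view of the ICMP sweep described in section 2.2, as an added example that is not part of the original paper: it parses Snort-style ICMP records in the layout of the dump above and reports any source that sent ECHO requests to several distinct hosts within a short window. The threshold, window, year, helper names and sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort-style record as in the dump above: a "time src -> dst" header (the
# ICMP TTL/TOS/ID fields may share that line), then the "ID: Seq: <type>" line.
HDR = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)")
MSG = re.compile(r"^ID:\d+\s+Seq:\d+\s+(ECHO REPLY|ECHO)\s*$")

def parse_echo_requests(log_text, year=2000):
    """Yield (time, src, dst) per ECHO request; replies are skipped.
    The log carries no year, so `year` is an assumption."""
    header = None
    for line in map(str.strip, log_text.splitlines()):
        if m := HDR.match(line):
            ts = datetime.strptime(f"{year}/{m[1]}", "%Y/%m/%d-%H:%M:%S.%f")
            header = (ts, m[2], m[3])
        elif (m := MSG.match(line)) and header:
            if m[1] == "ECHO":
                yield header
            header = None

def find_sweeps(log_text, min_targets=4, window=timedelta(seconds=5)):
    """Return {src: hosts} for sources probing >= min_targets hosts per window."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_echo_requests(log_text):
        by_src[src].append((ts, dst))
    sweeps = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale probes
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                sweeps.setdefault(src, set()).update(targets)
    return {src: sorted(t) for src, t in sweeps.items()}

# Constructed sample: 10.0.0.9 probes four hosts in 300 ms (a sweep),
# one reply comes back, and 192.168.5.7 pings a single host four times.
def _rec(sec, src, dst, kind):
    return (f"01/26-13:16:{sec} {src} -> {dst} ICMP TTL:255 TOS:0x0 ID:6072\n"
            f"ID:5721 Seq:1   {kind}\n")

SAMPLE_LOG = "".join(
    [_rec(f"25.{i}00000", "10.0.0.9", f"192.168.5.{i}", "ECHO") for i in range(1, 5)]
    + [_rec("25.150000", "192.168.5.1", "10.0.0.9", "ECHO REPLY")]
    + [_rec(f"2{i}.000000", "192.168.5.7", "192.168.5.1", "ECHO") for i in range(6, 10)])
```

Counting distinct destinations rather than packets keeps a host that repeatedly pings one machine from being reported as a sweep.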