[NTLUG:Discuss] SSH
David
david at hayes-family.org
Wed Oct 15 21:18:28 CDT 2003
On Wed, Oct 15, 2003 at 10:19:30AM -0500, MadHat wrote:
> nmap, the most common scanning tool, does not use ICMP by default.
> <sarcasm>And security through obscurity always works</sarcasm>
According to the nmap man page, it does use ICMP:
    -PB  This is the default ping type. It uses both the ACK ( -PT ) and
         ICMP echo request ( -PI ) sweeps in parallel. This way you can
         get firewalls that filter either one (but not both). The TCP
         probe destination port can be set in the same manner as with -PT
         above.
It's true that ICMP is useful, but also true that responding to it
means that your host is known to the Evil Bad Guys (EBG). One way to
address that is to use IP Tables to restrict the address ranges to
which you are willing to send ICMP, or from which you are willing to
receive it.
In this case, the original poster stated that the machine's sole
purpose was to serve SSH for just two telecommuters. I'd filter out
all packets from any address ranges except those belonging to the
telecommuters, or to the ISP the network admin uses at home.
--
David Hayes
david at hayes-family.org
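One way to implement the filtering the post describes, as an added example that is not part of the original message: a default-deny iptables INPUT policy that admits SSH and ICMP echo requests only from the telecommuters' address ranges and drops (and rate-limited logs) everything else. The ALLOWED_NETS ranges (RFC 5737 test networks), SSH_PORT and the APPLY switch are assumed placeholders; the script prints the rules unless APPLY=1.

```shell
#!/bin/sh
# Added example, not code from the original post. Default-deny INPUT policy
# for a host whose only job is SSH for two telecommuters.
# ALLOWED_NETS are constructed placeholder ranges (TEST-NET-3 / TEST-NET-2):
# replace them with the telecommuters' real ranges (and the admin's home ISP).
ALLOWED_NETS="${ALLOWED_NETS:-203.0.113.0/24 198.51.100.16/28}"
SSH_PORT="${SSH_PORT:-22}"

# Print each rule, or apply it when APPLY=1 (requires root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Emit the complete INPUT rule set.
build_rules() {
    run -F INPUT
    run -P INPUT DROP                      # default deny: unsolicited packets are silently dropped
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for net in $ALLOWED_NETS; do
        # new SSH connections and ICMP echo only from the allowed ranges
        run -A INPUT -s "$net" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
        run -A INPUT -s "$net" -p icmp --icmp-type echo-request -j ACCEPT
    done
    # Anything else falls through to the DROP policy; log it (rate-limited)
    # so scans against the box show up in syslog.
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

# Sanity check helper: number of rules that name a given source range.
count_rules_for() {
    build_rules | grep -c -- "-s $1 "
}

build_rules
```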