[NTLUG:Discuss] SSH
MadHat
madhat at unspecific.com
Wed Oct 15 22:15:27 CDT 2003
On Wed, 2003-10-15 at 21:18, David wrote:
> On Wed, Oct 15, 2003 at 10:19:30AM -0500, MadHat wrote:
> > nmap, the most common scanning tool, does not use ICMP by default.
> > <sarcasm>And security through obscurity always works</sarcasm>
>
> According to the nmap man page, it does use ICMP:
>
> -PB This is the default ping type. It uses both the ACK ( -PT ) and
> ICMP echo request ( -PI ) sweeps in parallel. This way you can
> get firewalls that filter either one (but not both). The TCP
> probe destination port can be set in the same manner as with -PT
> above.
It only uses ICMP if you run it as root. ICMP access needs root access
to work. That is why ping is SUID root and tools like mtr only work as
root or when set SUID root.
>
> It's true that ICMP is useful, but also true that responding to it
> means that your host is known to the Evil Bad Guys (EBG). One way to
> address that is to use IP Tables to restrict the address ranges to
> which you are willing to send ICMP, or from which you are willing to
> receive it.
>
> In this case, the original poster stated that the machine's sole
> purpose was to serve SSH for just two telecommuters. I'd filter out
> all packets from any address ranges except those belonging to the
> telecommuters, or to the ISP the network admin uses at home.
I am just saying that ICMP is not as evil as some people make it out to
be and can be very useful for network monitoring and troubleshooting.
--
MadHat at Unspecific.com
`But I don't want to go among mad people,' Alice remarked.
`Oh, you can't help that,' said the Cat: `we're all mad here...'
-- Lewis Carroll - _Alice's_Adventures_in_Wonderland_
More information about the Discuss
mailing list