Frank,

Question back at you sir; Does OS fingerprinting rely solely upon ICMP leakage? I'd thought I saw a number of papers that related to OS detection from the eccentricities of TCP/IP stacks of the various OS', like papers by Fyodor, documented in Phrack, etc.

Thanks,

Ron DuFresne

On Sun, 17 Oct 2004, Frank de Wit wrote:

> I thought I asked a question ; the answer 'yes' should have been
> sufficient ;-)
> Just joking, let's ask two other questions:
> -when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
> -and you see tools like Xprobe and a lot of other OS-fingerprinting tools
> I might be wrong, but:
> a) do you still think ICMP is a good thing in relation to security (by
> obscurity)?
> b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
>
> Hojje, Frank
>
> Willem Koenings wrote:
>
> >>are they?
> >>do you remember 'firewalking'?
> >>
> >
> >sorry, but firewalking is not icmp-only technique and don't
> >use full range of icmp types/codes.
> >by firewalking you use tcp or udp packets (depends, which
> >protocol acl you want to study) with one bigger TTL than
> >target and monitor results via icmp type 11.
> >
> >if you really afraid firewalking, then instead of closing
> >down all icmp you can close down only type 11. and nat
> >firewall protects you from firewalking anyway.
> >
> >what i want to say? blindly closing down things is easiest
> >thing to do. but doing so you are not on the top of the problem
> >and you don't control things. get down to the problem and fix
> >things. there's one too many black hole routers in the world
> >and availability is also a security attribute.
> >
> >all the best,
> >
> >W.
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
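An added example, not part of the original thread: the selective egress policy suggested in the quoted reply (drop only ICMP type 11 rather than all ICMP), written as a small Python filter that also reports which protocol the dropped message quoted. The function names, the policy wording and the sample packets are assumptions constructed for illustration; type 3 code 4 (fragmentation needed) is included in the samples because path MTU discovery depends on it and a blanket ICMP drop would discard it.

```python
import socket
import struct

def ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def icmp(icmp_type, code, body=b""):
    """ICMP header (type, code, checksum 0, 4 unused bytes) plus body."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def parse_icmp(packet):
    """Return (type, code, quoted_proto), or None if not a parsable IPv4/ICMP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]  # ICMP errors quote the offending datagram's IP header
    quoted_proto = quoted[9] if icmp_type in (3, 11) and len(quoted) >= 20 else None
    return icmp_type, code, quoted_proto

def egress_decision(packet):
    """Selective policy: drop only time exceeded (type 11), log what it quoted."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return ("allow", "not ICMP, handled by other rules")
    icmp_type, code, quoted_proto = parsed
    if icmp_type == 11:
        probe = {6: "tcp", 17: "udp"}.get(quoted_proto, "other")
        return ("drop", f"time exceeded code {code} quoting {probe} probe")
    return ("allow", f"icmp type {icmp_type} code {code}")

# Constructed samples (documentation addresses, not captured traffic).
PROBE = ipv4("198.51.100.7", "192.0.2.80", 6, b"\x00" * 8, ttl=1)
SAMPLES = {
    "ttl_expired": ipv4("192.0.2.1", "198.51.100.7", 1, icmp(11, 0, PROBE)),
    "frag_needed": ipv4("192.0.2.1", "198.51.100.7", 1, icmp(3, 4, PROBE)),
    "echo_reply": ipv4("192.0.2.80", "198.51.100.7", 1, icmp(0, 0, b"ping")),
    "tcp_data": ipv4("192.0.2.80", "198.51.100.7", 6, b"\x00" * 20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, egress_decision(pkt))
```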
