> We received a notification today, from a company that checks our network for
> vulnerabilities, that the web servers we host are vulnerable to HPing
> (http://www.hping.org/). The company stated that using this tool it is
> possible to ping the box via port 80 and thus open to service denial
> attacks(?!). Even do trace routes etc. Has anybody had any experience with
> this, and more importantly, how would one go about blocking this type of
> "ping"?
>
> Thanks!
>
> Chad

HPing is a utility for crafting packets, testing firewalls, port scanning,
etc. I am assuming that they mean they were able to do a "tcp ping" to
port 80 using a packet crafted using hping. This usually means they were
able to do a tcp connect (complete three way handshake) to port 80 on a
machine. That is OK if the machine is meant to be a webserver running on
the default port (this is where the spiel goes about making sure you are
up-to-date on security patches and the box is hardened). A browser has to
do the same type of connect in order to be able to download content from a
webserver so blocking these types of "pings" means blocking users from
accessing the webserver.
Chris
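
An added example, not part of the original thread: a minimal "tcp ping" written as a full connect(), the way the reply describes it, run against two loopback sockets the script creates itself. It shows that the probe succeeds against any listening service, which is the same connection setup a browser performs, and is refused where nothing listens. The function names and the open/closed/filtered labels are assumptions of this example.

```python
import socket
import time


def tcp_ping(host, port, timeout=1.0):
    """Attempt a TCP connect and classify the result.

    Returns (state, rtt_seconds): 'open' if the handshake completed,
    'closed' if the host answered with a reset, 'filtered' if nothing
    came back before the timeout (for example, a firewall dropped it).
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", time.monotonic() - start
    except ConnectionRefusedError:
        return "closed", time.monotonic() - start
    except OSError:  # includes timeouts and unreachable errors
        return "filtered", None


def demo():
    """Probe one listening and one non-listening loopback port."""
    # Constructed stand-in for the web server: a listening socket.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    # Bound but never listening: the kernel resets connection attempts.
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))

    try:
        return {
            "listening": tcp_ping("127.0.0.1", listener.getsockname()[1])[0],
            "not listening": tcp_ping("127.0.0.1", idle.getsockname()[1])[0],
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label}: {state}")
```

A public web server's port 80 will always report "open" to this check; the only way to make it report anything else is to stop serving clients on that port.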