Questions tagged [icmp]

Abbreviation of Internet Control Message Protocol. The protocol allows for the return propagation of error messages related to IP packets. ICMP is critical to basic network tools like ping and traceroute.

43 questions
2 votes, 2 answers

Promiscuous mode and packet sniffing

Is it a must for a packet sniffer to enable promiscuous mode? Can packets be sniffed without the NIC being in promiscuous mode? Also, when in promiscuous mode the NIC accepts all packets which are not addressed to its MAC address. Does it also mean that…
faraz khan
  • 329
  • 2
  • 12
2 votes, 1 answer

Block Packets in snort

In the rules configuration of snort I have: alert tcp any any -> any any (msg:"HTTP Connection"; react:block;) However, when I add: alert icmp any any -> any any (msg:"HTTP Connection"; react:block;) it gives me an error that react is not allowed for…
NEENU
  • 83
  • 1
  • 6
2 votes, 1 answer

Disabling Ping/ICMP Requests

Are there any benefits from disabling Ping/ICMP requests on servers? I've read where people say to do it but I can't seem to find any real benefits with it. Only more likely to cause more problems. EDIT: All types of ICMP packets.
Jason
  • 3,086
  • 4
  • 20
  • 24
2 votes, 1 answer

Why is ping special: why do "unprivileged pings" have to be enabled?

Rootless podman, by proxy of the Linux Kernel, has restrictions against ping. It is most likely necessary to enable unprivileged pings on the host. Why do unprivileged pings need to be enabled? And what is the detriment of being able to send a ping…
Evan Carroll
  • 2,325
  • 4
  • 22
  • 29
2 votes, 3 answers

I can't figure out the abnormal behaviour from this Wireshark capture file

The capture file, if needed. There is supposed to be abnormal behaviour here, and I see that there is. But I can't figure out what it is. There is no response to the ICMP requests. Furthermore, some packets have the warning: [Expert Info…
symto
  • 21
  • 1
  • 2
2 votes, 3 answers

UDP vs ICMP flood

How can we measure the efficiency of the flood technique? Will it be by the number of bots required for flooding the link? In case of UDP and ICMP, which one would be more efficient and why?
hatellla
  • 121
  • 3
2 votes, 1 answer

What happens when a firewall blocks a traceroute?

I am trying to find out what happens when you try to access a site using the traceroute command, but I cannot find any site that is actually blocking me. Anyway, I wanted to ask what happens when a firewall blocks traceroute? And if I am correct, the…
user120775
  • 21
  • 1
  • 2
2 votes, 1 answer

Reliability of scanning tools on icmp timestamp responses

A security auditor has done a vulnerability scan of our network and found that one of our servers has returned a TCP timestamp response such that the scanner (Nmap) is able to guess the uptime of the server. Does this constitute a real threat and…
Pang Ser Lark
  • 1,929
  • 2
  • 16
  • 26
1 vote, 1 answer

Why is ICMP timestamping disabled on OS X?

It would seem like ICMP timestamping is quite a useful feature for troubleshooting networks with asymmetric paths. Replies to icmp(4) timestamp requests are generated by the kernel: On OpenBSD, the feature is controlled by sysctl…
cnst
  • 1,884
  • 2
  • 19
  • 30
1 vote, 1 answer

How to handle error reply messages?

For security reasons, many organizations do not allow error reply messages to leave their internal Internets. How, specifically, could hackers use information in echo reply messages to learn about the firm's internal hosts? Does the same thing apply…
user20998
  • 11
  • 1
1 vote, 0 answers

Can the ICMP "pad" safely be stripped in most situations for defense?

I'm learning about data exfiltration using ICMP, and delivery of a payload is generally done using the -p "pad bytes" in ping -c 1 -p $encoded_payload. Are there often legitimate uses for "pad bytes"? Can it simply be stripped by a firewall in most…
ChocolateOverflow
  • 3,452
  • 4
  • 17
  • 34
1 vote, 1 answer

Real-world application of network steganography

I recently came across a topic of network steganography, mostly connected with modifying the headers of IP, TCP, ICMP. I was looking for some real-world examples of malware that uses it. I only found two ICMP related examples - Nanolocker and…
roffensive
  • 111
  • 2
1 vote, 0 answers

Security Best Practice - Monitoring a Site-to-Site VPN Tunnel

If a customer wants to monitor an IPSec-based site-to-site VPN and basically no incoming traffic is needed, would you recommend: a) setting up a permanent tunnel that can be monitored all the time and blocking all incoming traffic, or b) setting up a…
gumlozol
  • 21
  • 2
1 vote, 2 answers

IP attack by reading/writing data?

If I remember correctly there is an ICMP attack whereby you can embed malicious code and it gets read/executed, causing the problem (similar to SQL injection). Are there any further/more dangerous attacks when the computer handling the packet can…
Kevin J
  • 11
  • 2
1 vote, 2 answers

In what situations should a node ping/not ping?

I was recently looking at a network in which the client machines could access a webservice endpoint but could not ping it. And there are other machines that can ping the webservice endpoint, but which do not utilize it. However, these other machines…
leeand00
  • 1,297
  • 1
  • 13
  • 21