There was a typo in the link to the paper:

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
The file size is ~ 1.75mb when zipped

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf
The file size is ~ 5.39mb.

Ofir

-----Original Message-----
From: Ofir Arkin [mailto:ofir@sys-security.com]
Sent: Monday, June 04, 2001 1:18 AM
To: INCIDENTS
Subject: Research Paper - ICMP Usage In Scanning v3.0 - RELEASED

I am pleased to announce the availability of version 3.0 of my research paper "ICMP Usage In Scanning".

Version 3.0 introduces significant changes made to the text. The paper now starts with an introduction to the ICMP Protocol. The introduction explains what the ICMP protocol is, its message types, and where and when we should expect to see these. The following chapters are divided into several subjects ranging from Host Detection to Passive Operating System Fingerprinting. An effort was made to offer more illustrations, examples and diagrams in order to explain and illustrate the different issues involved with the ICMP protocol's usage in scanning.

The paper is divided into the following chapters:

- Chapter 1 is the Introduction
- Chapter 2 is an Introduction to the ICMP Protocol
- Chapter 3 deals with Host Detection methods using the ICMP Protocol
- Chapter 4 handles Advanced Host Detection methods using the ICMP Protocol
- Chapter 5 talks about the technique known as "Inverse Mapping"
- Chapter 6 goes through the traceroute functionality
- Chapter 7 is dedicated to Active Operating System Fingerprinting using the ICMP Protocol. The chapter is divided into four parts:
    - Regular queries
    - Crafted queries
    - Error Messages
    - Futuristic Methods
- Chapter 8 explains the Usage of ICMP in the Passive Operating System Fingerprinting Process. This is a new chapter, which was added with this version.
- Chapter 9 suggests strategies when building a correct rule base with a Firewall
- Chapter 10 is dedicated to acknowledgments

The various appendixes offer:

- Several tables presented in the text
- Some Host based Security measures available with Linux based on Kernel 2.4.x and with Sun Solaris 8.
- A snort rule base for dealing with the ICMP tricks illustrated within the text.

The new version can be downloaded from The Sys-Security Group's web site in PDF and ZIP formats. This is due to the large size of the PDF file.

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
The file size is ~ 1.75mb when zipped

http://www.sys-security.com/archive/papers/ICMP_Usage_v3.0.pdf
The file size is ~ 5.39mb.

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

This archive was generated by hypermail 2b30 : Sun Jun 03 2001 - 23:19:43 PDT