Host Unreachable Scan

From: Penn, Toby (IT.Ops Security Services) (TPennat_private)
Date: Thu Jul 19 2001 - 18:00:10 PDT

  • Next message: Ryan Russell: "Re: HTTP connections"

    Some interesting traffic came through my firewall today.  We allow the
    following ICMP traffic:
    
    	outbound echo-request 
    
    	inbound echo-reply
    	inbound dest-unreachable
    	inbound time-exceeded inbound
    
    
    The interesting part is that there was a massive amount of destination
    unreachable traffic coming into the network with NO originating
    echo-request.  Let me rephrase...  I looked at one of the addresses that was
    sending dest-unreachable packets... there was no originating or
    corresponding echo-request to that IP address.  For that matter, there was
    no traffic initiated on my side to that address whatsoever.
    
    The question now becomes... what exposure does this give me?  What can be
    gleaned from and ICMP dest-unreachable request?  Are you able to map my
    entire network using this technique?  Enumeration only?  Is there a
    vulnerability out there using this technique?
    
    -Toby Penn
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:10:55 PDT