RE: Should I be concerned about?

From: Antonio Vasconcelos (vascoat_private)
Date: Wed Oct 31 2001 - 10:38:39 PST

  • Next message: Lance Spitzner: "RE: Should I be concerned about?"

    At 13:16 2001.10.31 -0500, Mike Gilles wrote:
    >For any data to actually be transferred the packets would have to move up
    >the OSI model.  (e.g. start a TCP session) So, in short, no I wouldn't be
    >overly concerned with this traffic.
    That's very, very WRONG...
    If you can open a raw socket than you can send/receive data using ICMP.
    As some types of ICMP are allowed to pass most firewalls (echo reply, ttl 
    exceded, port/host/net unreachable, to name a few) they are a very good 
    medium to transmit information.
    I have no idea if the original poster should be converned about this one or 
    not, I just want to point out that ICMP _CAN_ be used as an information 
    transfer medium.
    António Vasconcelos - ICQ #109994473 - Senior Network Management Support
    CONVEX Portugal, Lda - T: +351-21-422-9200   F: +351-21-421-3787
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 10:42:05 PST