At 13:16 2001.10.31 -0500, Mike Gilles wrote: >For any data to actually be transferred the packets would have to move up >the OSI model. (e.g. start a TCP session) So, in short, no I wouldn't be >overly concerned with this traffic. That's very, very WRONG... If you can open a raw socket than you can send/receive data using ICMP. As some types of ICMP are allowed to pass most firewalls (echo reply, ttl exceded, port/host/net unreachable, to name a few) they are a very good medium to transmit information. I have no idea if the original poster should be converned about this one or not, I just want to point out that ICMP _CAN_ be used as an information transfer medium. ---------- António Vasconcelos - ICQ #109994473 - Senior Network Management Support CONVEX Portugal, Lda - T: +351-21-422-9200 F: +351-21-421-3787 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 10:42:05 PST