Research Paper - ICMP Usage In Scanning v3.0 - RELEASED

From: Ofir Arkin (ofir@sys-security.com)
Date: Mon Jun 04 2001 - 22:16:04 PDT


    I am pleased to announce the availability of version 3.0 of my research
    paper "ICMP Usage In Scanning".
    
    Version 3.0 introduces significant changes made to the text.
    
    The paper now starts with an introduction to the ICMP Protocol. The
    introduction explains what the ICMP protocol is, its message types, and
    where and when we should expect to see these.
    
    The following chapters are divided into several subjects ranging from Host
    Detection to Passive Operating System Fingerprinting.
    
    An effort was made to offer more illustrations, examples and diagrams in
    order to explain and illustrate the different issues involved with the ICMP
    protocol’s usage in scanning.
    
    The paper is divided into the following chapters:
    
    - Chapter 1 is the Introduction
    - Chapter 2 is an Introduction to the ICMP Protocol
    - Chapter 3 deals with Host Detection methods using the ICMP Protocol
    - Chapter 4 handles Advanced Host Detection methods using the ICMP Protocol
    - Chapter 5 talks about the technique known as "Inverse Mapping"
    - Chapter 6 goes through the traceroute functionality
    - Chapter 7 is dedicated to Active Operating System Fingerprinting using the
      ICMP Protocol. The chapter is divided into four parts:
    
    	- Regular queries
    	- Crafted queries
    	- Error Messages
    	- Futuristic Methods
    
    - Chapter 8 explains the Usage of ICMP in the Passive Operating System
      Fingerprinting Process. This is a new chapter, which was added with this
      version.
    - Chapter 9 suggests strategies when building a correct rule base with a
      Firewall
    - Chapter 10 is dedicated to acknowledgments
    
    
    The various appendixes offer:
    
    - Several tables presented in the text
    - Some Host based Security measures available with Linux based on Kernel
      2.4.x and with Sun Solaris 8.
    - A snort rule base for dealing with the ICMP tricks illustrated within the
      text.
    
    
    The new version can be downloaded from The Sys-Security Group’s web site in
    PDF and ZIP formats. This is due to the large size of the PDF file.
    
    http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
    The file size is ~ 1.75mb when zipped
    
    http://www.sys-security.com/archive/papers/ICMP_Usage_v3.0.pdf
    The file size is ~ 5.39mb.
    
    
    
    Ofir Arkin [ofir@sys-security.com]
    Founder
    The Sys-Security Group
    http://www.sys-security.com
    PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
    


