Questions tagged [icmp]
Abbreviation of Internet Control Message Protocol (RFC 792 for IPv4, RFC 4443 for ICMPv6). ICMP carries error and diagnostic messages about IP packet handling, such as Destination Unreachable, Time Exceeded and Redirect, back toward the sender of the packet that triggered them. Basic network tools depend on it: ping is built on ICMP Echo Request/Reply, and traceroute relies on Time Exceeded replies from each hop.
46 questions
0 votes
0 answers
82 views
Stateful firewalls and the 'RELATED' state
For years, I've used the following to accept 'RELATED' packets: ... /usr/sbin/iptables -P INPUT DROP ... /usr/sbin/iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT ... Use the ...
0 votes
1 answer
144 views
ICMP port unreachable message stops NMAP on UDP scan but not always [closed]
I have two almost identical embedded hosts that I am scanning with NMAP on the specific UDP port 47808. On host 192.168.2.12 NMAP returns after a while with: while on 192.168.2.24 NMAP immediately ...
0 votes
1 answer
166 views
icmp smurf attack
I am learning about ICMP smurf attack and for this, I have forged a packet with the following details: source_mac_address = **??** destination_mac_address = router mac address char ...
1 vote
1 answer
884 views
ICMP timestamp - firewall configured to drop timestamp request, but vulnerability scanner can send request and get a response
We use an external scanner (Qualys) to scan our external assets. We have a firewall in front of the external assets, but it is configured to whitelist the scanner so that the external assets get ...
0 votes
1 answer
219 views
Honeyd not responding to TCP
I'm having some issues getting Honeyd to work properly on an external network interface on Ubuntu 20 LTS running on a Proxmox server. I'm fairly sure it's a configuration/setup problem on the VM I'm ...
3 votes
1 answer
2k views
Why is ping special: why do "unprivileged pings" have to be enabled?
Rootless podman, by proxy of the Linux Kernel, has restrictions against ping. It is most likely necessary to enable unprivileged pings on the host. Why do unprivileged pings need to be enabled? And ...
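As an added example (not code from the question, from podman or from the kernel), the following Python shows the three pieces an "unprivileged ping" actually involves on Linux: the RFC 1071 checksum, a hand-built ICMP Echo Request, and the kernel's net.ipv4.ping_group_range gate for ICMP datagram sockets (SOCK_DGRAM with IPPROTO_ICMP), which need no CAP_NET_RAW but are only granted to processes whose group id falls inside that range. The kernel default of "1 0" is an empty range, so nobody may use them until an administrator widens it. The procfs path and the chosen identifier/sequence values are the only assumptions.

```python
"""Unprivileged ICMP echo on Linux (added example, not from the question or podman)."""
import os
import socket
import struct

# Assumption: standard Linux procfs location of the sysctl.
PING_GROUP_RANGE_PATH = "/proc/sys/net/ipv4/ping_group_range"
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit big-endian words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # odd trailing byte is padded with zero for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8, code 0, checksum, identifier, sequence, then payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident & 0xFFFF, seq & 0xFFFF)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident & 0xFFFF, seq & 0xFFFF) + payload


def ping_group_range_allows(gid: int, sysctl_value: str) -> bool:
    """net.ipv4.ping_group_range holds "low high"; the kernel default "1 0" allows no group."""
    low, high = (int(x) for x in sysctl_value.split())
    return low <= gid <= high


def read_ping_group_range():
    """Return the live sysctl value, or None where procfs is unavailable (non-Linux)."""
    try:
        with open(PING_GROUP_RANGE_PATH) as fh:
            return fh.read().strip()
    except OSError:
        return None


def open_unprivileged_icmp_socket():
    """Try the capability-free ICMP datagram socket; return it or the OSError the kernel raised."""
    try:
        return socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_ICMP)
    except OSError as exc:
        return exc


if __name__ == "__main__":
    pkt = build_echo_request(os.getpid(), 1, b"unprivileged-ping")
    print("echo request checksum verifies:", icmp_checksum(pkt) == 0)
    rng = read_ping_group_range()
    if rng is not None:
        print("ping_group_range=%r allows gid %d:" % (rng, os.getgid()),
              ping_group_range_allows(os.getgid(), rng))
    result = open_unprivileged_icmp_socket()
    if isinstance(result, socket.socket):
        print("ICMP datagram socket opened without CAP_NET_RAW")
        result.close()
    else:
        print("ICMP datagram socket refused:", result)
```

The classic ping binary opens a raw socket (SOCK_RAW), which needs CAP_NET_RAW, historically supplied by setuid root or a file capability. Neither is available to a rootless container, so the only path left is the datagram socket above, and that is exactly what the ping_group_range setting controls: the gid it is compared against is the one the container's process runs under in the host's view.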
1 vote
0 answers
155 views
Can the ICMP "pad" safely be stripped in most situations for defense?
I'm learning about data exfiltration using ICMP and delivery of a payload is generally done using the -p "pad bytes" in ping -c 1 -p $encoded_payload. Are there often legitimate use for &...
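As an added example (not code from the question or from iputils), the following Python shows how a `ping -p` payload differs from a normal Echo Request on the wire and how a defender can tell them apart without stripping anything. It assumes the iputils layout on 64-bit Linux: a 16-byte timestamp at the start of the data area, followed by filler whose byte at data offset i is simply i (the familiar 0x10..0x37 run in a 56-byte payload), and that `-p` repeats the given hex pattern across the data area before the timestamp overwrites the first bytes. Both layouts are constructed here for the test, not captured.

```python
"""Classifying ICMP echo payloads: default filler, ping -p pattern, or opaque data.
Added example, not from the question or from iputils."""
import math
from collections import Counter

# Assumption: iputils on 64-bit Linux writes a 16-byte timeval at data offset 0.
TIMESTAMP_LEN = 16


def default_filler(start: int, n: int) -> bytes:
    """Assumed iputils filler: data byte at offset i equals i (mod 256)."""
    return bytes((start + i) & 0xFF for i in range(n))


def patterned_payload(pattern: bytes, total: int) -> bytes:
    """Emulate `ping -p`: the hex pattern is repeated over the whole data area,
    then the timestamp (constructed here as zeros) overwrites the first bytes."""
    body = (pattern * (total // len(pattern) + 1))[:total]
    return b"\x00" * TIMESTAMP_LEN + body[TIMESTAMP_LEN:]


def smallest_period(data: bytes) -> int:
    """Smallest p such that data[i] == data[i % p] for all i (len(data) if none)."""
    for p in range(1, len(data) + 1):
        if all(data[i] == data[i % p] for i in range(len(data))):
            return p
    return len(data)


def shannon_entropy(data: bytes) -> float:
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_echo_data(payload: bytes) -> str:
    """Look past the timestamp slot and say what kind of data the echo carries."""
    data = payload[TIMESTAMP_LEN:]
    if data == default_filler(TIMESTAMP_LEN, len(data)):
        return "default-filler"
    period = smallest_period(data)
    if period < len(data):
        return "repeated-pattern(period=%d)" % period
    return "opaque(entropy=%.2f)" % shannon_entropy(data)


if __name__ == "__main__":
    normal = b"\x00" * TIMESTAMP_LEN + default_filler(TIMESTAMP_LEN, 40)
    padded = patterned_payload(bytes.fromhex("48656c6c6f"), 56)   # ping -p 48656c6c6f
    smuggled = b"\x00" * TIMESTAMP_LEN + bytes(range(47, -1, -1))  # constructed opaque data
    for name, p in (("normal", normal), ("ping -p", padded), ("opaque", smuggled)):
        print("%-8s %s" % (name, classify_echo_data(p)))
```

The point for the question's defensive angle: a 16-byte `-p` pattern limits how much a single echo can carry, so exfiltration over `ping -p` shows up as many short, highly periodic payloads, while tooling that writes arbitrary bytes into the echo data shows up as non-periodic, higher-entropy payloads. Either way the payload is just bytes the sender chose, and echo replies copy it back verbatim, which is what makes it a channel.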
1 vote
1 answer
299 views
Real-world application of network steganography
I recently came across a topic of network steganography, mostly connected with modifying the headers of IP, TCP, ICMP. I was looking for some real-world examples of malware that uses it. I only found ...
3 votes
1 answer
777 views
Is disabling IPv6 an effective workaround for "Bad Neighbor" Vulnerability (CVE-2020-16898)?
CVE-2020-16898 is a remote code execution vulnerability caused by the improper handling of ICMPv6 Router Advertisement packets by Windows TCP/IP stack. Microsoft's recommended workaround is to disable ...
1 vote
0 answers
148 views
Security Best Practice - Monitoring a Site-to-Site VPN Tunnel
if a customer wants to monitor an IPSec-based site-to-site VPN and basically no incoming traffic is needed, would you recommend: a) setting up a permanent tunnel that can be monitored all the time and ...
0 votes
0 answers
74 views
What security benefit is there in 2020 to block outbound Ping [duplicate]
I've researched this and found the following on StackExchange and ServerFault, but they're very old. https://serverfault.com/questions/55889/why-block-outbound-icmp Is it a bad idea for a firewall ...
2 votes
3 answers
7k views
I can't figure out the abnormal behaviour from this Wireshark capture file
The capture file if needed There is supposed to be abnormal behaviour here, and I see that there is. But I can't figure out what it is. There is no response from the ICMP requests. Furthermore some ...
2 votes
2 answers
305 views
In what situations should a node ping/not ping?
I was recently looking at a network in which the client-machines could access a webservice endpoint but could not ping it. And there are other machines that can ping the webservice endpoint, but which ...
1 vote
1 answer
1k views
Security auditing - disabling IP forwarding and ICMP packets redirects
I've recently started working as a security auditor and my mentor gave me some homework to write an Ubuntu security audit script so that I'll get to learn to use batch scripting and understand ...
2 votes
3 answers
3k views
UDP vs ICMP flood
How can we measure the efficiency of the flood technique? Will it be by the number of bots required for flooding the link? In case of UDP and ICMP, which one would be more efficient and why?