Re: Finding IP Devices on a LAN?
--- In ukha_d@xxxxxxx, Jewelie <jewelie@...> wrote:
>
> Or devices that don't respond to a ping. Quite often devices don't
> do so, or can be configured not to. Same for servers. Why broadcast
> that something exists when you don't have to ?
There are indeed valid security reasons for, for example, firewalls or
routers to not pass pings or traceroute packets between interfaces.
However I would expect a "normal" TCP/IP device (i.e. not a security
device) to support pings as otherwise how can you test network
connectivity and the like?

It really bugs me when overly aggressive network "security" people
block all ICMP traffic for security reasons (not just pings and
traceroutes) - doing so will potentially make machines not work
correctly across the public Internet as the likes of MTU Path
Discovery require ICMP end-to-end to determine the largest size of
packet that can be safely passed between 2 devices.
> There even exist systems that only appear when you send a sequence
> of packets to them, either a single specially formed packet, or a
> series of them to different ports. They appear to go to nowhere
> until the sequence is complete, then the server opens up a port
> to the IP address that sent the sequence. Think it is called port
> knocking
Yupe, but port knocking works at the TCP or UDP layer, not at the ICMP
(i.e. ping) layer.
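
The Path MTU Discovery point made in the reply above, as an added example that is not part of the original message: it builds and parses an ICMP "fragmentation needed" message (type 3, code 4, RFC 1191 next-hop MTU field) and runs it through two filter policies. The policy names, the 1400-byte MTU and the packet bytes are constructed for illustration.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Assemble an ICMP message; `rest` is the 4 header bytes after the checksum."""
    head = struct.pack("!BBH", icmp_type, code, 0) + rest
    csum = icmp_checksum(head + payload)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + payload

def parse_icmp(msg: bytes):
    """Return (type, code, next_hop_mtu or None); reject short or corrupt input."""
    if len(msg) < 8:
        raise ValueError("ICMP message too short")
    if icmp_checksum(msg) != 0:  # a valid message sums to zero with its checksum
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, code, (mtu if (icmp_type, code) == (3, 4) else None)

def block_all_icmp(icmp_type: int, code: int) -> bool:
    """Hypothetical policy: drop every ICMP message."""
    return False

def block_echo_only(icmp_type: int, code: int) -> bool:
    """Hypothetical policy: drop echo requests (pings), pass other ICMP."""
    return icmp_type != 8

def sender_learns_mtu(policy, msg: bytes):
    """MTU the sender learns from msg if the policy passes it, else None."""
    icmp_type, code, mtu = parse_icmp(msg)
    return mtu if policy(icmp_type, code) else None

# Constructed samples: placeholder for the IP header + 8 bytes of the dropped
# datagram, a router's "fragmentation needed" reply, and an echo request.
ORIGINAL = b"\x45" + bytes(27)
FRAG_NEEDED = build_icmp(3, 4, struct.pack("!HH", 0, 1400), ORIGINAL)
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")

if __name__ == "__main__":
    for policy in (block_all_icmp, block_echo_only):
        print(policy.__name__, "-> sender learns MTU:",
              sender_learns_mtu(policy, FRAG_NEEDED))
```

With the block-everything policy the sender never sees the router's MTU hint, so large packets with the don't-fragment bit set keep being dropped; the echo-only policy still hides the host from pings while leaving that signal intact.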