Re: Is ICMP important?

Re: Is ICMP important?

[Whitley CTR Cecil H]

Hi Chuck,
I would like to point out one fact that you may not be aware of.  ICMP echo
requests and ICMP echo replies are two seperate beasts.  You may have your
firewall set up to allow icmp echo requests and deny icmp echo replies.
This would provide the behavior you are seeing since incoming requests would
not be filtered but incoming replies would be.  Outgoing replies wouldn't be
filtered since your system is generating them.  This would result in others
being able to ping you while you are unable to ping others.

If you need assistance in distinguishing one from the other, let me know and
i'll go look it up and post.  
regards,
Cecil

Re: Is ICMP important?

[Chuck Hallenbeck]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Cecil,

Maybe my firewall is not out of the woods on this. The model I am
following has me accepting icmp packets of type 8 and 11 on the
input chain of the filter table, and dropping other types. I
think type 8 is an echo-request, and the tutorial says type 0 is
an echo-reply. So maybe I am dropping my echo-replies myself?

I tried logging all icmp packets without dropping any of them
while debugging this thing, and saw nothing in either direction
except my type 8 packets going out. No returns. I may try that
again in case I did not do it right. But I can ping my own local
host and the network address, plus this mysterious IP that says
it is filtering my packets, and nothing beyond that point.

Chuck

On Thu, 12 Feb 2004, Whitley CTR Cecil H wrote:

> Hi Chuck,
> I would like to point out one fact that you may not be aware of.  ICMP echo
> requests and ICMP echo replies are two seperate beasts.  You may have your
> firewall set up to allow icmp echo requests and deny icmp echo replies.
> This would provide the behavior you are seeing since incoming requests would
> not be filtered but incoming replies would be.  Outgoing replies wouldn't be
> filtered since your system is generating them.  This would result in others
> being able to ping you while you are unable to ping others.
>
> If you need assistance in distinguishing one from the other, let me know and
> i'll go look it up and post.
> regards,
> Cecil
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

- -- 
The Moon is Waning Gibbous (60% of Full)
In a world without Fences or Walls no one needs Windows or Gates.
My home page is now at http://www.mhcable.com/~chuckh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQCVAwUBQCuvmTVdG8M9x9tGAQJUqQP/dJpp2ECaysmTC4e4sfjQrQYyIMr3GxcH
/fU2CJ0D28WZ4FqnHimKvUXUcCsmeSG0hpoz1mxs/JxuMrVHaUvqjxlw7Zx3OlGx
oZr8tCQ8fLNEBFW/dFjIU++FXXsHtHfV6PxrJwred2juuzb8mVc6tDOLuGtUAx+p
uI4rGjGvdOE=
=m9mx
-----END PGP SIGNATURE-----

Re: Is ICMP important?

[Janina Sajka]

Also, Chuck, recognize that you can use nmap on any address. So, you can
run:

nmap -P0 [ip.address]

and see what ports are and aren't open on any machine. Might be handy
along with the traceroute results.

Re: Is ICMP important?

[William Hubbs]

Hi all,

I wouldn't go running nmap blindly on another computer without the owner's permission.  If you do and the owner complains to your isp you might get shut down for abuse -- they might think you are scanning the ports on the other machine to try to find a way to compromise it.

I know this because a few years ago when I was running redhat linux (I think it was version 6 or so), someone got into my computer and did this and I was shut down.  Fortunately the isp let me back on after I talked to them about what was going on.

William

On Thu, Feb 12, 2004 at 12:43:12PM -0500, Janina Sajka wrote:
> Also, Chuck, recognize that you can use nmap on any address. So, you can
> run:
> 
> nmap -P0 [ip.address]
> 
> and see what ports are and aren't open on any machine. Might be handy
> along with the traceroute results.
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: Is ICMP important?

[Chuck Hallenbeck]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Woops! Your warning came about a half hour too late, William, but
I appreciate the tip anyway.


On Thu, 12 Feb 2004, William Hubbs wrote:

> Hi all,
>
> I wouldn't go running nmap blindly on another computer without the owner's permission.  If you do and the owner complains to your isp you might get shut down for abuse -- they might think you are scanning the ports on the other machine to try to find a way to compromise it.
>
> I know this because a few years ago when I was running redhat linux (I think it was version 6 or so), someone got into my computer and did this and I was shut down.  Fortunately the isp let me back on after I talked to them about what was going on.
>
> William


- -- 
The Moon is Waning Gibbous (59% of Full)
In a world without Fences or Walls no one needs Windows or Gates.
My home page is now at http://www.mhcable.com/~chuckh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQCVAwUBQCvIjjVdG8M9x9tGAQK/9AP+Mn987oLH2hltDtb9ZWXEmrYGgoH/xR50
yH9Wl3FBSxLwTzY4RhUkj2OMCtGitN8rYz4pMiucoTfWwQcFZ/AakMosCVphloJM
XC6xKKccV9Rr2e0BqzsHX6f2xJ/t+m6u5XUjXnWYQ9Mwom+e+focJI3a/GhesfX5
hty+oQRl2Xs=
=JKXV
-----END PGP SIGNATURE-----

Re: Is ICMP important?

[Janina Sajka]

I think you have a right to debug. That's not cracking. If someone has
such a knee jerk reaction to that, you probably don't want to do
business with them.

William Hubbs writes:
> From: "William Hubbs" <w.hubbs@comcast.net>
> 
> Hi all,
> 
> I wouldn't go running nmap blindly on another computer without the owner's permission.  If you do and the owner complains to your isp you might get shut down for abuse -- they might think you are scanning the ports on the other machine to try to find a way to compromise it.
> 
> I know this because a few years ago when I was running redhat linux (I think it was version 6 or so), someone got into my computer and did this and I was shut down.  Fortunately the isp let me back on after I talked to them about what was going on.
> 
> William
> 
> On Thu, Feb 12, 2004 at 12:43:12PM -0500, Janina Sajka wrote:
> > Also, Chuck, recognize that you can use nmap on any address. So, you can
> > run:
> > 
> > nmap -P0 [ip.address]
> > 
> > and see what ports are and aren't open on any machine. Might be handy
> > along with the traceroute results.
> > 
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
Janina Sajka
Email: janina@rednote.net		
Phone: +1 (202) 408-8175

Director, Technology Research and Development
American Foundation for the Blind (AFB)
http://www.afb.org

Chair, Accessibility Work Group
Free Standards Group
http://a11y.org

Re: Is ICMP important?

[Shaun Oliver]

[-- Attachment #1: msg.pgp --]
[-- Type: text/plain, Size: 1184 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

actually, janina and all,
port scanning is ilegal in some countries without the express permission
of the admin or owner of the machine you are attempting to port scan.
over here e.g. it's not worth your job to port scan.
you're frowned upon and garunteed a hard time if you want to try to get
work anywhere else as an i,t professional.
just bear that in mind people when you attempt a port scan.
personally I think it's rediculous and it's quite good in debugging and
detecting security holes, but, that's ouw law makers for ya.

- -- 
Shaun Oliver


"I refuse to have a battle of wits with an unarmed person."
email: shaun_oliver@optusnet.com.au
WEB: http://blindman.homelinux.org/
IRC: irc.awesomechat.net:6666
IRCNICK: blindman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFALECU67hYtcFGIIcRAm6fAJ4gqeDO/fQ90Sxa5bFceT6kA/pUYwCgkQnk
WFvrvgN/RpcQoe6zLiO3L/o=
=bju+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

Re: Is ICMP important?

[Alex Snow]

if it's illegal over here people do it anyways and no one seems to 
care.
anothger stupid thing that is illegal on this state is wardiailing.
On 
Fri, Feb 13, 2004 at 02:12:20PM +1100, Shaun Oliver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> actually, janina and all,
> port scanning is ilegal in some countries without the express permission
> of the admin or owner of the machine you are attempting to port scan.
> over here e.g. it's not worth your job to port scan.
> you're frowned upon and garunteed a hard time if you want to try to get
> work anywhere else as an i,t professional.
> just bear that in mind people when you attempt a port scan.
> personally I think it's rediculous and it's quite good in debugging and
> detecting security holes, but, that's ouw law makers for ya.
> 
> - -- 
> Shaun Oliver
> 
> 
> "I refuse to have a battle of wits with an unarmed person."
> email: shaun_oliver@optusnet.com.au
> WEB: http://blindman.homelinux.org/
> IRC: irc.awesomechat.net:6666
> IRCNICK: blindman
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQFALECU67hYtcFGIIcRAm6fAJ4gqeDO/fQ90Sxa5bFceT6kA/pUYwCgkQnk
> WFvrvgN/RpcQoe6zLiO3L/o=
> =bju+
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Always borrow money from a pessimist; he doesn't expect to be paid
back.

Re: Is ICMP important?

[Shaun Oliver]

[-- Attachment #1: msg.pgp --]
[-- Type: text/plain, Size: 700 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree.. it's stupid.
btw what's war dialing?
- -- 
Shaun Oliver


"I refuse to have a battle of wits with an unarmed person."
email: shaun_oliver@optusnet.com.au
WEB: http://blindman.homelinux.org/
IRC: irc.awesomechat.net:6666
IRCNICK: blindman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFALLzX67hYtcFGIIcRAkBoAJ9C4OFpDbAE0VTUu2UL2hH/8P0wpwCgjZ/h
7bYOuLdFB+eQus5mscknRB8=
=tTeW
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

Re: Is ICMP important?

[Alex Snow]

It's prefix scanning. basically you (or a computer) calls every number 
in your prefix and looks for a carier i.e. a computer to answer the 
phone. not as popular as it was 10 years ago but it's still out there.
On 
Fri, Feb 13, 2004 at 11:02:31PM +1100, Shaun Oliver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I agree.. it's stupid.
> btw what's war dialing?
> - -- 
> Shaun Oliver
> 
> 
> "I refuse to have a battle of wits with an unarmed person."
> email: shaun_oliver@optusnet.com.au
> WEB: http://blindman.homelinux.org/
> IRC: irc.awesomechat.net:6666
> IRCNICK: blindman
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQFALLzX67hYtcFGIIcRAkBoAJ9C4OFpDbAE0VTUu2UL2hH/8P0wpwCgjZ/h
> 7bYOuLdFB+eQus5mscknRB8=
> =tTeW
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Always borrow money from a pessimist; he doesn't expect to be paid
back.