[Snort-users] 13 instances of ping bsd

Mark Rowlands mark.rowlands at ...752...
Tue Nov 28 10:59:56 EST 2000


On Tuesday 28 November 2000 14:12, jess at ...521... wrote:
> > Yes, I appreciate that, but what information, other than the presence of
> > a live host at this IP, can be gleaned from this information? It also seems
> > counterproductive: for one ping I would not even have bothered, but now
> > my curiosity has been aroused....
>
> 	Well, among other things, if you know exactly which IP is probing
> you, you might deny that network at the routers/FWs.
>
> 	And he cannot assume his ping will go unnoticed...
>
> 	Imagine that the attacker has compromised an "honorable" host. If
> you know exactly which IP the packet is coming from, and you find out that
> this is a real attack (ping to a host which should not receive it), you
> might want to alert the owner of the host. And the compromise would be
> unveiled.
>
> 	If you have 13 "honorable" hosts, then you almost certainly will
> not send 13 messages to the host owners to say: "hey, I received a ping
> from you". So the attacker will be able to pass undetected.
>
> 								JESS
Thanks, that's a fair point.