[Snort-users] Research Paper - ICMP Usage In Scanning v3.0 - RELEASED

Ofir Arkin ofir at ...949...
Mon Jun 4 10:21:59 EDT 2001


There was a typo in the link to the paper:

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
The file size is ~ 1.75mb when zipped

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf
The file size is ~ 5.39mb.

Ofir

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Ofir Arkin
Sent: Monday, June 04, 2001 1:18 AM
To: Snort-Users
Subject: [Snort-users] Research Paper - ICMP Usage In Scanning v3.0 -
RELEASED


I am pleased to announce the availability of version 3.0 of my research
paper "ICMP Usage In Scanning".

Version 3.0 introduces significant changes made to the text.

The paper now starts with an introduction to the ICMP Protocol. The
introduction explains what the ICMP protocol is, its message types, and
where and when we should expect to see these.

The following chapters are divided into several subjects ranging from Host
Detection to Passive Operating System Fingerprinting.

An effort was made to offer more illustrations, examples and diagrams in
order to explain and illustrate the different issues involved with the ICMP
protocol’s usage in scanning.

The paper is divided into the following chapters:

- Chapter 1 is the Introduction
- Chapter 2 is an Introduction to the ICMP Protocol
- Chapter 3 deals with Host Detection methods using the ICMP Protocol
- Chapter 4 handles Advanced Host Detection methods using the ICMP Protocol
- Chapter 5 talks about the technique known as "Inverse Mapping"
- Chapter 6 goes through the traceroute functionality
- Chapter 7 is dedicated to Active Operating System Fingerprinting using the
  ICMP Protocol. The chapter is divided into four parts:

	- Regular queries
	- Crafted queries
	- Error Messages
	- Futuristic Methods

- Chapter 8 explains the Usage of ICMP in the Passive Operating System
  Fingerprinting Process. This is a new chapter, which was added with this
  version.
- Chapter 9 suggests strategies when building a correct rule base with a
  Firewall
- Chapter 10 is dedicated to acknowledgments


The various appendixes offer:

- Several tables presented in the text
- Some Host based Security measures available with Linux based on Kernel
  2.4.x and with Sun Solaris 8.
- A snort rule base for dealing with the ICMP tricks illustrated within the
  text.


The new version can be downloaded from The Sys-Security Group’s web site in
PDF and ZIP formats. This is due to the large size of the PDF file.

http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.zip
The file size is ~ 1.75mb when zipped

http://www.sys-security.com/archive/papers/ICMP_Usage_v3.0.pdf
The file size is ~ 5.39mb.



Ofir Arkin [ofir at ...949...]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

