Why would filtering ICMP stop anything??
It wouldn't help him find anything. The "bad" guy inside his
network will still be there. Instead, use of Ethereal should let him
spot the right machine and take corresponding action. ICMP
is an important service and I don't see why users should not be able
to use it. There are far more dangerous services like Windows
Messaging (see http://www.itc.virginia.edu/desktop/docs/messagepopup/)
or simply use of Windows file service from remote
(most users don't need that, so it's usually not a bad idea to close
those ports).
There was only one reason to filter ICMP and that was during the
known bug of WindowsNT and Windows95 called "ping-of-death" where a
well crafted overlength ICMP packet was able to crash any Windows
machine within seconds.
So it would take a brainwashed system administrator to put a totally
outdated 10 year old machine with Windows95 or WindowsNT without any
security patches on to the internet. If you have that on your
network, then you might want to block ICMP.
On 28.02.2006, at 21:22, FRANCIS PROVENCHER wrote:
Hi
To stop the problem, you can deny the ICMP echo request on your
firewall. It's not a good thing to let users make ICMP echo reply
(ping) outside of your network. Create a rule on your firewall to
deny it; you can add some exceptions to this rule to let
administrators ping outside.
Sorry, I can give you some advice with Ethereal.
You can also check for a Snort (Intrusion Detection System)
Francis Provencher
Ministère de la Sécurité publique
Réalisations et Systèmes réseaux
Tel: (418) 646-3258
E-mail: Francis.provencher@xxxxxxxxxxxxxx
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +
jason.hernandez@xxxxxxxxxxxxx 02/28/06 2:36 PM >>>
Hello all,
I am very new to protocol analyzing and packet sniffing. I usually just
support PCs, but am now supporting our network. I've been contacted by my
company's ISP and they say some machine behind my router is scanning their
network. I have made sure all my PCs are patched, and have up-to-date
antivirus software (McAfee) as well as anti-spyware software (Windows
Defender), but I am still having this issue.
How can I use this software to find the culprit? What am I supposed to look
for? Sorry for being such a newbie...
Thanks in advance!
Jason
Andreas Fink
Fink Consulting GmbH
---------------------------------------------------------------
Tel: +41-61-6666332 Fax: +41-61-6666331 Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail: afink@xxxxxxxxxxxxxxxxxx
Homepage: http://www.finkconsulting.com
---------------------------------------------------------------
ICQ: 101946485 MSN: msn1@xxxxxx AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
PGP9: 0714 DF2B A189 A760 6201 5CBD D040 3E71 4DAF 68BB
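
One way to spot the scanning machine from a capture, as an added example that is not part of the original thread: count, per internal host, how many distinct external targets it probes and how few of them answer. The record format (fields exported from a capture), the LAN range, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")  # assumed LAN range

def build_sample():
    """Constructed records: (src, dst, proto, server_port, kind)."""
    recs = []
    # 192.168.1.23 sweeps one port across 40 external addresses, no replies
    for i in range(1, 41):
        recs.append(("192.168.1.23", f"203.0.113.{i}", "tcp", 445, "syn"))
    # 192.168.1.10 browses two web servers and gets answers
    for dst in ("198.51.100.7", "198.51.100.8"):
        recs.append(("192.168.1.10", dst, "tcp", 80, "syn"))
        recs.append((dst, "192.168.1.10", "tcp", 80, "synack"))
    # 192.168.1.11 pings one host and gets a reply
    recs.append(("192.168.1.11", "198.51.100.7", "icmp", 0, "echo-request"))
    recs.append(("198.51.100.7", "192.168.1.11", "icmp", 0, "echo-reply"))
    return recs

def find_scanners(records, internal=INTERNAL, min_targets=20, max_answered=0.2):
    """Flag internal hosts probing many external targets that rarely answer."""
    probes = defaultdict(set)    # internal src -> {(dst, proto, port)}
    answered = defaultdict(set)  # internal src -> targets that replied
    for src, dst, proto, port, kind in records:
        src_in = ip_address(src) in internal
        dst_in = ip_address(dst) in internal
        if kind in ("syn", "echo-request") and src_in and not dst_in:
            probes[src].add((dst, proto, port))
        elif kind in ("synack", "echo-reply") and dst_in and not src_in:
            answered[dst].add((src, proto, port))
    flagged = {}
    for src, targets in probes.items():
        ratio = len(targets & answered[src]) / len(targets)
        # Many distinct targets with almost no replies is the scan signature
        if len(targets) >= min_targets and ratio <= max_answered:
            flagged[src] = {"targets": len(targets), "answered_ratio": ratio}
    return flagged

if __name__ == "__main__":
    for host, stats in find_scanners(build_sample()).items():
        print(host, stats)
```
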