ICMP Echos

Das Forum rund um Sicherheitsfragen (Antivirus, Firewall, Spamschutz). Diese Forum wird auch von IPCop.at verwendet.
Forumsregeln
Das Forum rund um Sicherheitsfragen (Antivirus, Firewall, Spamschutz). Diese Forum wird auch von IPCop.at

ICMP Echos

Beitragvon Waxla » Di 20 Feb, 2001 09:59

Hallo Leute,
wer kennt sich mit ICMP Echos aus?
was bewirken diese, wie kann man sie ausschalten bzw selbst sowas "produzieren"?

können diese von den gängigsten firewalls abgeblockt werden?

bitte um Ratschläge

K
Waxla
 

RE: ICMP Echos

Beitragvon Manuel Capellari » Di 20 Feb, 2001 13:05

>was bewirken diese
im prinzip bewirken normale pings nicht viel, manche geräte (einige router) sind empfindlich wenn man sie mit einer bestimmten paket grösse anpingt ...

>wie kann man sie ausschalten
kommt aufs Betriebssystem an, unter unix/linux/bsd gehts ohne zusatz software

>bzw selbst sowas "produzieren"?
ping [ip-adresse oder fqdn]

>können diese von den gängigsten firewalls abgeblockt werden?
dass kann jede FW
Manuel Capellari
 

RE: ICMP Echos

Beitragvon Waxla » Mo 05 Mär, 2001 14:36

habe eigentlich nicht den "normalen" Ping gemeint:

ICMP (Internet control message protocol) using ports 0 - 11 is a protocol used to send and received information about the status of Internet connections. It sends packets of information from one computer, asking for information back. There are several ways this can be used to flood (send mass amounts of information) your connection. One typical way is to simply use windows standard ping.exe, and ask a computer if its still out there (ping it), over and over again. This requires that your computer answers the call and says yes it is alive. You use system resources as well as connection resources answering the large number of pings you are sent during the flood. This type of flood also slows the offender as he uses resources to send and receive also. If the attacking computer has a faster Internet connection this form of flood can be severely slow your connection, or cause it to drop. This is most often done from extreamly fast shell accounts. A more powerful form of ICMP flooding involves spoofing (faking the packet to say it is not from the computer actually sending it). In this way the attacking computer can use all of its resources to send packets to you, while not using its resources to receive your replies. This gives it an advantage as your computer must receive the ping, as well as send back a reply (which is not received by the attacking computer). There are many other varieties and ways of performing simple ICMP floods, these however are the most common. The symptoms of an ICMP flood attack are severely slowed Internet connection or/and computer, and possibly a dropping of your Internet connection.
Waxla
 


ZurĂĽck zu ANTIVIRUS & SECURITY

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 12 Gäste