icmpsh – Simple ICMP Reverse Shell

icmpsh is a simple ICMP reverse shell with a win32 slave and a POSIX-compatible master in C, Perl or Python. The main advantage over other similar open-source tools is that it does not require administrative privileges to run on the target machine. The tool is clean, easy and portable. The slave (client) runs […]

The post icmpsh…

Read the full post at darknet.org.uk

How to prevent ICMP redirection produced by a man-in-the-middle

How can I prevent my route from being redirected by ICMP redirect packets from a man-in-the-middle?

I am specifically looking to avoid someone using ettercap with the -M icmp option. From man ettercap:

 icmp (MAC/IP)
                     This attack  implements  ICMP  redirection.  It  sends  a
                     spoofed  icmp  redirect  message  to the hosts in the lan
                     pretending to be a better route for internet. All connec‐
                     tions  to  internet  will  be  redirected to the attacker
                     which, in turn, will forward them to  the  real  gateway.
                     The  resulting  attack  is  a  HALF-DUPLEX mitm. Only the
                     client is redirected, since the gateway will  not  accept
                     redirect  messages  for  a directly connected network. BE
                     SURE TO NOT USE FILTERS THAT MODIFY THE  PAYLOAD  LENGTH.
                     you  can  use  a filter to modify packets, but the length
                     must be the  same  since  the  tcp  sequences  cannot  be
                     updated in both ways.
                     You  have  to pass as argument the MAC and the IP address
                     of the real gateway for the lan.
                     Obviously you have to be able to sniff all  the  traffic.
                     If  you  are on a switch you have to use a different mitm
                     attack such as arp poisoning.

NMAP discovery scan reporting host offline, pinging the same host gets ICMP responses

I ran an nmap -sn scan on a host, and nmap reported the host as down. I then pinged the same host with ping and got ICMP responses. I’m confused, because I was sure that -sn, among other things, did an ICMP echo request.

Output from my two…