Text only | Text with Images

Networking-Forums.com

Professional Discussions => Security => Topic started by: SofaKing on June 15, 2016, 05:18:42 PM

Title: TCP over ICMP
Post by: SofaKing on June 15, 2016, 05:18:42 PM
Better start blocking ICMP ;)

https://github.com/Maksadbek/tcpovericmp
Title: Re: TCP over ICMP
Post by: deanwebb on June 15, 2016, 06:25:45 PM
Quote from: SofaKing on June 15, 2016, 05:18:42 PM
Better start blocking ICMP ;)

https://github.com/Maksadbek/tcpovericmp
:hankhill:

That's just mean, man...
Title: Re: TCP over ICMP
Post by: Reggle on June 15, 2016, 08:05:44 PM
Not entrely new actually. Useful payload for ICMP echo has been attempted before. I'm sure there are IPS'es paying attention to this. Basic firewalls will allow this to pass however.
Title: Re: TCP over ICMP
Post by: deanwebb on June 16, 2016, 06:30:44 AM
Well, I just always try to block the hell out of ICMP, whenever possible.
Title: Re: TCP over ICMP
Post by: dlots on June 16, 2016, 09:22:34 AM
Reminds me of a story I heard once:
A new admin came in to replace an old engineer who had been fired.  He looked all over the place and couldn't find any of the passwords.  Needing them he finally broke down and called the old engineer asking him where the password list was, to which the engineer said "They are on the network" and hung up.  Fast forward quite some time, and while the admin was looking at a packet capture he saw an odd ICMP packet, upon drilling into it he discovered that the payload was infact all the passwords for the network.
Title: Re: TCP over ICMP
Post by: deanwebb on June 16, 2016, 09:25:13 AM
Lol, that's insane... and not recommended, according to my CISSP Official Study Guide.
Text only | Text with Images