On Tue, 26 Sep 2000, John Payne wrote:
few suprises for the scanner. It's NOT an exercise that I recommend. As a matter of fact, it's quite a BAD idea.
So why are you advocating scanning for smurf amps?
Sending a single ICMP echo-request to every /30 boundry inside our network and those of our customers and counting the replies doesn't bother me at all. It is about as non-intrusive as you get. If someone doesn't want people sending ICMP echo-request to their network, they need to block it at the borders. If they do that, even if they have amp nets inside, they won't be available for abuse from the outside. For those of us who sell transit, it's not an option to block ICMP at the border. Our customers like to be able to do ping tests, blah blah blah. In any case, I find scanning for SMURF amps and scanning for vulnerabilities to be quite different. Liken it to the Gas company driving up and down your street with a sniffer looking for leaks (SMURF amps) and someone walking up to every house in the neighborhood with a ladder and testing the second story windows looking for those that are unlocked. They are two completewly different things and just as scanning for exploitable holes on our net earns a nasty suprise, walking into my yard with a ladder and trying my windows will get you shot! --- John Fraizer EnterZone, Inc