to ICMP information about a system. You can gather all kinds of valuable information
about a system simply by sending an ICMP packet to it. For example, with the UNIX tool
icmpquery (http://packetstormsecurity.org/UNIX/scanners/icmpquery.c) or icmpush
(http://packetstormsecurity.org/UNIX/scanners/icmpush22.tgz), you can request the
time on the system (to see the time zone the system is in) by sending an ICMP type 13
message (TIMESTAMP). Also, you can request the netmask of a particular device with
the ICMP type 17 message (ADDRESS MASK REQUEST). The netmask of a network
card is important because from it you can determine the target's subnet, and thereby
understand its default gateway and broadcast address. With the default gateway
identified, you can target router attacks. And with the broadcast address, you can target
denial of service (DoS) attacks. With knowledge of the subnets, you can also orient your
attacks to only particular subnets and avoid hitting broadcast addresses, for example.
icmpquery has both a timestamp and an address mask request option:

    icmpquery <-query> [-B] [-f fromhost] [-d delay] [-T time] targets
    where
      -t : icmp timestamp request (default)
      -m : icmp address mask request
    The delay is in microseconds to sleep between packets.
    targets is a list of hostnames or addresses
    -T specifies the number of seconds to wait for a host to respond.
       The default is 5.
    -B specifies ‘broadcast’ mode. icmpquery will wait for timeout seconds
       and print all responses.
    If you’re on a modem, you may wish to use a larger -d and -T

To use icmpquery to query a router’s time (typically in Greenwich Mean Time), you
can run this command:

    [root] icmpquery -t 192.168.1.1
    192.168.1.1 : 11:36:19

To use icmpquery to query a router’s netmask, you can run this command:

    [root] icmpquery -m 192.168.1.1
    192.168.1.1 : 0xFFFFFFE0

Not all routers and systems allow an ICMP TIMESTAMP or NETMASK response, so
your mileage with icmpquery and icmpush may vary greatly from host to host.
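
The following Python code is an added example, not part of the original text or of icmpquery: it flags ICMP type 13 and type 17 queries seen on the wire and decodes what a type 14 or type 18 reply discloses, using the time and netmask values shown above. The sample messages, the 10.0.0.5 source address and all function names are constructed for illustration.

```python
import ipaddress
import struct

# ICMP query types discussed above (RFC 792 timestamp, RFC 950 address mask)
QUERY_TYPES = {13: "TIMESTAMP request", 17: "ADDRESS MASK request"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 for a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, body: bytes) -> bytes:
    """Construct a sample ICMP message (code 0, id 1, seq 1) for the demo data."""
    head = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return struct.pack("!BBHHH", icmp_type, 0, checksum(head + body), 1, 1) + body

def classify(src: str, msg: bytes) -> str:
    """Flag information-gathering queries and decode what replies give away."""
    if len(msg) < 8 or checksum(msg) != 0:
        return "malformed"
    if msg[0] in QUERY_TYPES:
        return f"ALERT {QUERY_TYPES[msg[0]]} from {src}"
    if msg[0] == 14 and len(msg) >= 20:
        # Transmit timestamp: milliseconds since midnight UT (RFC 792)
        secs = struct.unpack("!I", msg[16:20])[0] // 1000
        return f"LEAK time {secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d} from {src}"
    if msg[0] == 18 and len(msg) >= 12:
        mask = ipaddress.IPv4Address(msg[8:12])
        net = ipaddress.IPv4Network(f"{src}/{mask}", strict=False)
        return f"LEAK subnet {net} broadcast {net.broadcast_address} from {src}"
    return "ignored"

# Constructed sample traffic (not captured): (source address, ICMP message)
SAMPLES = [
    ("10.0.0.5", build(13, bytes(12))),
    ("10.0.0.5", build(17, bytes(4))),
    ("192.168.1.1", build(14, struct.pack("!III", 0, 41779000, 41779000))),
    ("192.168.1.1", build(18, bytes.fromhex("ffffffe0"))),
]

if __name__ == "__main__":
    for src, msg in SAMPLES:
        print(classify(src, msg))
```

An ALERT line marks a query that a border filter could drop; a LEAK line shows the time or subnet detail a host hands out when it answers.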