HOW TO: Netcomm NB9WMAXX and Firewall

[Michael Chesterton]

On 17/07/2010, at 12:07 AM, Basil Chupin wrote:
> My modem/router is sending to everyone under the sun my IP address when 
> I connect to a website.
> 
> Every browser does this.
> 
> But when a router responds to a ping then the IP address can be 
> determined and the system at that IP address can then be exploited, if 
> possible.
> 
> If a router doesn't respond to an ICMP ping then it does not exist. 
> Right? Or is this wrong?


If an attacker knows your ip address, whether or not it responds to pings is irrelevant. They know your ip, and they know about firewalls blocking pings. So if they happen to ping it and it doesn't respond, they might assume it's firewalled and scan for other weaknesses.

If an attacker doesn't know your ip address, it doesn't matter if your modem responds to pings because they don't know your ip address to ping it.

99.99999% of attacks on the internet are random scans, not targeted to anyone in particular. Some kid might have downloaded a script to exploit some IIS asp bug. They just go through every ip address trying the exploit, they don't test to see if the system is pingable, they don't test if the system is running windows, or IIS, they just try the exploit, if it works, they're in, if it doesn't, they move on to the next ip. 

The majority of the systems they try to exploit will be running linux and apache and aren't vulnerable, they don't care, it takes longer to test what a system is running than just trying the IIS exploit on a linux box, failing, and moving on.


-- 

http://chesterton.id.au/blog/
http://barrang.com.au/linux/