ICMP 8 OPEN

[sparkes]

Warty Warthog wrote:
> http://scan.sygate.com/quickscan.html when I scan my
> Ubuntu box I get the following error:
> Protocol  Type  Status      Additional Information
>  ICMP      8     OPEN    An ICMP ping request is
> usually used to test Internet access. However, an
> attacker can use it to determine if your computer is
> available and what OS you are running. This gives him
> valuable information when he is determining what type
> of attack to use against you.
> 
> What does it mean? and with or without firestarter
> firewall I get such error. How can I avoid this error?
> 

if you are running ping a potential attacker can *see* your machine and 
perhaps have a slight advantage in attacking other services on your 
machine but as you have no other open ports it would need a ping 
vunulbility to take advantage of ;-)

running 'netstat - a' will (if my memory serves me correctly) give you 
the full rundown on all open ports.  Most of these will relate to your 
incoming email, web connections, irc, ssh and the other things most of 
us run 24/7, plus the local sockets used in your programs.  You need to 
look for tcp, utp and icmp.  But if you have a fresh ubuntu machine the 
list will be dramatically shorter than it would be on a comparable 
machine due to the fact (as you found out) most services are turned off 
by default.

Not being an adminstrator (ugghhh, poor fellows ;-) ) I can't remember 
how to disable ping using ipchains and I have never used firestarter but 
many firewall scripts have the option to ignore pings (or even all icmp 
traffic if you wish) so hunt around for the option.

sparkes

-- 
<davee> "Sparkes, the Pete Best of LugRadio"