If
it's just a DDoS, they can flood a single address (in use or not) on your subnet
and
have
the affect of killing your entire subnet if you can't handle the traffic
load.
There
are other ways of scanning/finding hosts than just using
ICMP.
1) you
can just do a service connect scan.
2) you
can dig into their DNS zone and see what you can find. Often people will use
a
naming
scheme which you can infer other hostnames from. etc. Sometimes
they
might
just return ALL records...
People can't attack what they can't
see/detect.
Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[email protected]
How does blocking ICMP make my firewall more
secure?
|