Yes you
can run a port scan against IP addresses. You do not need a ping reply. I can
block ping reply from a Web server but port 80 will still respond since it is a
web server.
Thomas Stala
[email protected]
Hope this helps
-----Original
Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Steven Schuster
Sent: Monday, June 11, 2001 10:00
AM
To:
'[email protected]'; Tony Wong;
[email protected]
Subject: RE: [FW1] Blocking ICMP
Juan,
I would
have to disagree with that. There are ways to run scans on machines that
don't response to ping. It makes the scan run longer, but it will look
for any and all ports on all addresses within the range you set.
Steve Schuster
Midwest ISO
Security
Analyst
-----Original
Message-----
From: Juan Concepcion
[mailto:[email protected]]
Sent: Saturday, June 09, 2001 8:10
PM
To: Tony Wong;
[email protected]
Subject: RE: [FW1] Blocking ICMP
People can't attack what they can't see/detect.
Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]
-----Original Message-----
From:
[email protected]
[mailto:[email protected]]On Behalf Of Tony Wong
Sent: Friday, June 08, 2001 11:55
AM
To:
[email protected]
Subject: [FW1] Blocking ICMP
How does blocking ICMP make my firewall
more secure?