From owner-freebsd-security Sun Jun 13 13:51: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 93C5A14EDB for ; Sun, 13 Jun 1999 13:51:02 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 27920 invoked by uid 1001); 13 Jun 1999 20:51:00 +0000 (GMT) To: dgilbert@velocet.ca Cc: jdn@acp.qiv.com, secure@r0ck.com, security@FreeBSD.ORG Subject: Re: Fwd: [linux-security] Re: Port 7 scan From: sthaug@nethelp.no In-Reply-To: Your message of "Sun, 13 Jun 1999 16:28:52 -0400 (EDT)" References: <14180.5252.211630.750974@trooper.velocet.ca> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Sun, 13 Jun 1999 22:51:00 +0200 Message-ID: <27918.929307060@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Jay> Since echo is Unixcentric and most new admins leave echo open, > Jay> echo will reveal far more about a machine than a ping. Could it > Jay> be that this is the intent? > > Actually, this is probably caused by a desire to subvert an > 'optimization' made at major routers on the net. In general, most > busy routers 'de-prioritize' ping traffic. This is true for Cisco routers *if* the ICMPs are for the router itself (one of its interfaces). As long as the ICMPs are not for the router itself, it is just like any other traffic, and is not 'de-prioritized' in any way. > This is largely due to the > face that the worse the network gets, the higher the amount of ping > traffic (coming from people who wonder why it's slow). So the latency > from a ping connection isn't as accurate as trying to open a tcp > connection. It's probably at least as accurate if you're trying to ping the hosts and not just the routers along the way. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message