What is ping blocking and how to do it?

52    Asked by AlisonKelly in Cyber Security , Asked on Mar 30, 2022

I can access each page of a site through the browser (firefox). I can also see the ip and port address in firebug, but when I open cmd->ping site ->it says "request timeout".

I also tried traceroute. The trace was something like this

 1. my router

 2. some local-server

 3. server out of state

 4. * * * request timeout

 5. request timeout

But at the same time, I can access the website through the browser.

How do they do this, and how can I break it or get past it?

Answered by Amit raj

How to Break

To answer your question about 'how to break' - the easiest way is to use a 'ping' program that uses other protocols than ICMP and/or other options. hping3 is in Backtrack/Kali (you said you used Backtrack/Kali, but hping3 is available for download), and it allows you to use TCP and UDP pings, and it allows you to use other ICMP types for pings.

TCP ping to port 80:
> hping3 -S xxx.xxx.xxx.xxx -p 80 -c 1
UDP ping to port 53:
> hping3 -2 xxx.xxx.xxx.xxx -p 53 -c 1
ICMP ping using the 'timestamp' type:
> hping3 -1 xxx.xxx.xxx.xxx -C 13 -c 1

Other tutorials for hping here. Why does ping blocking work? The typical 'ping' program uses a predefined ICMP echo request. This is very useful for diagnostics, but it is also easy to predict and block. As you can see, there are other ways to get the same functionality of ping by using other protocols and ICMP types.

How do you block? If you want to block the normal ping program, you block ICMP echo requests at the firewall. But, hping3 uses valid processes in the protocols you need to serve web pages, which means that you can't block it. If you want to block even hping, then you would have to block hosts from your firewall, which is likely not something you want to do with a website you want to be publicly accessible. (Actually, there is a way to block the use of hping, but the user of hping would have to use the stock or invalid protocol settings of hping. With more networking knowledge, it would be impossible to block.)

What you need to know It is important to understand that the issue here was not with your understanding of the tools available, but with your understanding of networking protocols. You will be a better network security person by reading things like TCP/IP Illustrated. By knowing what ping did, and what protocols it used, you would have been able to answer your own question.



Your Answer

Interviews

Parent Categories