ICMP Port | The good ball for hackers
Dear friends, today I am going to introduce a small built-in Microsoft tool that uses the ICMP port. The tool is called PING, which every one of you must have used at least once by now. Let me explain it a little more, briefly. PING is a tool that checks whether a remote system is alive (on the network) or not. It sends the remote system a 32-bit data packet, and the remote system replies by sending back a packet of the same size. In fact, ICMP does not use any port to function; what it uses is the 4th layer authentication of the TCP/IP suite. ICMP (ping, trace) is a layer 3 protocol within the TCP/IP suite and doesn't test any layer 4 or above functions; therefore, it has no TCP/UDP layer 4 port number. The sub-part of ICMP is called ECHO, which actually uses TCP port 7 to function. If you block port no. 7 in your firewall, no one will be able to detect your system's state by sending a PING request. You might think that it's a small tool and wonder how it could be helpful to hackers. But dear friend, this very tool does a lot. Let's see…
When anyone fires a normal PING request, it sends a 32-bit packet to the other system or domain server. But we can also customize it to send larger and larger data packets to the next system, and in return that system will send packets of the same size back to us. You may not imagine it, but we can customize it to 1MB per request and even more. Result: if the connectivity is an E1 line, it'll take 10 mins, and if the connectivity is on a normal line, it takes just a few mins and the game is over. All traffic to the next system gets choked, and every legitimate query to that system/domain stays pending because it is still busy sending and receiving data packets to/from us.
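A defender's view of the traffic described above, as an added example that is not part of the original post: it parses constructed IPv4 packets, shows that the ICMP header carries a type and code rather than port fields, and counts echo requests per source whose payload exceeds a threshold. The 64-byte threshold, the function names and the sample addresses are assumptions chosen for illustration.

```python
import struct
from collections import Counter

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src, dst, seq, payload):
    """Constructed sample input: minimal IPv4 header plus ICMP echo request."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     1, 0, bytes(src), bytes(dst))  # protocol 1 = ICMP
    return ip + icmp

def parse_icmp(packet: bytes):
    """Return ICMP header fields, or None when the IPv4 payload is not ICMP."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1:
        return None
    icmp = packet[ihl:]
    # The ICMP header holds type, code, checksum, id, sequence: no port fields.
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"src": ".".join(map(str, packet[12:16])), "type": icmp_type,
            "code": code, "seq": seq, "payload_len": len(icmp) - 8,
            "checksum_ok": inet_checksum(icmp) == 0}

def oversized_echo_sources(packets, max_payload=64):
    """Count echo requests (type 8) per source whose payload exceeds max_payload."""
    hits = Counter()
    for pkt in packets:
        info = parse_icmp(pkt)
        if info and info["type"] == 8 and info["payload_len"] > max_payload:
            hits[info["src"]] += 1
    return dict(hits)

# Constructed packets using documentation address ranges.
SAMPLE = [
    build_echo_request([192, 0, 2, 10], [203, 0, 113, 5], 1, b"a" * 32),
    build_echo_request([198, 51, 100, 7], [203, 0, 113, 5], 1, b"x" * 1400),
    build_echo_request([198, 51, 100, 7], [203, 0, 113, 5], 2, b"x" * 1400),
]

if __name__ == "__main__":
    print(oversized_echo_sources(SAMPLE))
```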
This is how this small tool creates havoc for system admins. But frankly speaking, in today's era no one is foolish enough to deliberately leave this port open to the external network. You will not find any domain or server on the internet that you can PING and get a reply from. It's only by chance that the port remains open by mistake. There are many tools on the internet which can send continuous, infinite data packet requests to the host system, as large as you wish. The best tool I have personally used is "Colasoft Ping Tool". Search for it on Google and you will find it. I am also attaching a PDF file link below, which describes the importance of the PING tool and the ICMP port more briefly. It illustrates how PING works and how we can exploit it to trace packets. This theory is called Packet Filtering, which we will discuss briefly later. That's all for today. I hope you have learnt at least something. Thanks for being with me.
http://www.sans.org/reading_room/whitepapers/threats/icmp-attacks-illustrated_477