Site icon Take On Devops

Pingsweeping – How and why?

Pingsweeping – Intro & usage.

Assume that you are a burglar and you want to steal. Then your first goal will be to identify your targets. Similarly, in the context of hacking, the first thing a hacker needs to do is identify the target hosts. In order to do so they send ICMP requests (pings) to all hosts in a network. If any host in the network replies to the ICMP request, then it is considered to be a live host.

Other than in hacking, a legit use of pingsweeping could be when determining which of your corporate servers are online and which of them are not. Also they are be used for penetration testing as well.

Here is a script that I wrote to check if any of the corporate servers are up.

https://github.com/ihsanizwer/Server-Status

Pingsweeping – Challenges.

Since many companies doesn’t want intruders outside their networks messing around, they can prevent pingsweeping. For this purpose they use statefull firewalls. The statefull firewalls are instructed to drop any ICMP requests/reponses originating from outside of the corporate network. But that can even be implemented in a regular firewall right? Yes it could be. You can drop all ICMP traffic. This can be disadvantageous when you need to ping outside the network from the inside.

The benefit of statefull firewalls is that it solves the above problem. They maintain a state of all the ICMP requests that originated from inside. When ICMP responses arrive at the firewall they are checked. If a request was made from the inside, then the reponse is permitted in. Other responses are dropped.

Bottom line :stateless firewalls can drop all ICMP traffic. Statefull can selectively drop them or allow them in.

Pingsweeping tools.

One of the most popular tool used by many is nmap. The GUI based program of nmap is zenmap. Both are excellent tools to do pingsweeping. For other reconnaissance attacks also nmap is a great tool. However, there is a catch. Many corporate networks have different types of networks. Some of them are critical and some not. In such cases, it becomes difficult to pingsweep on multiple networks at the same time.

Therefore, I wrote a script to perform pingsweep on such cases. This script is available at my github page. https://github.com/ihsanizwer/MineSweeper Usage instructions are available in the readme.md file.