August 27, 2015
Secrets of Magic Called "Ping"
ACCEPT icmp -- anywhere anywhere icmp echo-request
or: -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

As you can see, "icmp-type 8" is defined, which means we want to accept and reply to any echo requests.

All codes are available here: http://www.nthelp.com/icmp.html

Judging by the names, the ICMP protocol is a separate "tool" used mainly by active network devices such as routers, switches and so on.

UDP Ping

Now, this is interesting, and it's the main part I want to focus on. One can ask: "What? UDP Ping? WTH?"

Those reactions are normal. UDP transport is something we rarely use in administration. Many users and admins want to know whether their transport is successful, and UDP is not the best way for this. But still, there's UDP Ping, and it is used very often.

UDP Ping uses UDP frames to communicate. Most other Ping types use TCP frames. UDP Ping is here for us when we want to locate, through firewalls, an active device that other ping types might not discover.

UDP Ping is basically some kind of "hack"; the way it works is pretty simple. UDP Ping sends one UDP frame to the host. After receiving the ICMP answer "ICMP Port Unreachable," we have won: we know the device is alive.

Example:
[192.168.0.5] [192.168.0.3] UDP: D=31338 S=42560 LEN=8
[192.168.0.3] [192.168.0.5] ICMP: Destination unreachable (Port unreachable)

If we get no answer, we can assume the device is really unavailable. The trick lies in the usage. As many UDP applications are made to not send any answer (why should they, right?), if we probe an open UDP port, we can get no answer even if the target is alive.

Therefore, we UDP Ping a closed port instead. The simplest way is to use any high-numbered port (they're often closed and unused).

The main disadvantage of UDP Ping is that it relies on ICMP. If ICMP answers from targets are filtered, there will be no answer to our Ping.

When should you use UDP ping? Again, a simple answer: when you run out of all other options, if TCP ping is blocked or the host is hidden behind a firewall that filters open ports.

As it's an advanced and uncommon tool, it is also used in really uncommon scenarios. But it's good to know about this option. Thanks and I hope this was useful to you.
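The closed-port versus open-port behaviour described above, as an added example that is not part of the original post. It probes only loopback; the function names and the payload are hypothetical, and it assumes the OS reports an incoming ICMP Port Unreachable on a connected UDP socket as a "connection refused" error, as Linux does.

```python
import socket


def udp_ping(host, port, timeout=1.0, payload=b"ping"):
    """Send one UDP datagram and classify the outcome.

    "alive"     - ICMP Port Unreachable came back (closed port, host is up)
    "replied"   - the port answered with UDP data
    "no-answer" - nothing within the timeout (open silent port, filtered
                  ICMP, or host down: these cases look identical)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel hand ICMP
        # errors for this destination back to us as ECONNREFUSED.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(1024)
            return "replied"
        except ConnectionRefusedError:
            return "alive"
        except socket.timeout:
            return "no-answer"


def free_udp_port():
    """Constructed helper: get an unused loopback UDP port, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe a closed port and an open but silent port on loopback."""
    closed = free_udp_port()
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))  # open port that never answers
    try:
        opened = listener.getsockname()[1]
        return (udp_ping("127.0.0.1", closed),
                udp_ping("127.0.0.1", opened, timeout=0.5))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

The second result shows why an open port is the wrong target: the host is clearly up, yet the probe cannot tell it apart from a dead or filtered one.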