discreet ping

Hello,
is it possible to send out a ping that can't be
logged (by firewalls etc) by thereceiving host?
I want to check if a host is up without it noticing this.
Looked at ping an nmap options, this seems not to exist.

thanks rel.

rel <(E-Mail Removed)> wrote:
> Hello,
> is it possible to send out a ping that can't be
> logged (by firewalls etc) by thereceiving host?
> I want to check if a host is up without it noticing this.
> Looked at ping an nmap options, this seems not to exist.

If the host doesn't "notice" the ping, how exactly do you expect it to
respond?

--
Frank Sweetser fs at wpi.edu
WPI Network Engineer
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

rel <(E-Mail Removed)> writes:

> is it possible to send out a ping that can't be
> logged (by firewalls etc) by thereceiving host?

Any packet a host receives has the potential to be logged. Even
so-called "stealth scans" can be detected if sufficient logging or
monitoring is in place.

> I want to check if a host is up without it noticing this.

What problem are you trying to solve?

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

rel wrote:

> Hello,
> is it possible to send out a ping that can't be
> logged (by firewalls etc) by thereceiving host?
> I want to check if a host is up without it noticing this.
> Looked at ping an nmap options, this seems not to exist.
>
> thanks rel.
>

Not unless you want to totally rewrite quantum mechanics.

If your objectives are legit and you have the right authority on the
host in question you may perform appropriate tests and write filters for
the server's logs to weed out 'real traffic' for statistical purposes
from NMS probing.

If what you're trying to monitor is a 'server', simply 'pinging' may not
be sufficient, but you may require probes specific for services running
(web, smtp, pop3, whatever).

B.

rel wrote:

> is it possible to send out a ping that can't be
> logged (by firewalls etc) by thereceiving host?
> I want to check if a host is up without it noticing this.
> Looked at ping an nmap options, this seems not to exist.
>

No. All you can do, is watch for transmissions that host might make. If
you're not on the local network or along the path that such tranmissions
would take, you won't have much luck.

Thanks for clearing this up.
It's logical anyway (kinda knew this),
that the system cannot react with an echo
if it wouldn't notice the ping.

The reason why I was looking for this
is somewhat private

rewriting QM includes rewriting myself..
I'am would love to..

thanks, rel

rel wrote:
> Hello,
> is it possible to send out a ping that can't be
> logged (by firewalls etc) by thereceiving host?
> I want to check if a host is up without it noticing this.
> Looked at ping an nmap options, this seems not to exist.
>
> thanks rel.
>

Try hping2/hping3. If this program can't do it, then probably
it can't be done. The idea is to play with the fragment options
and such so they can bypass the firewall. Try it with your own
firewall.

But have in mind that if you want a response (a icmp-reply packet)
then it probably *will* be logged by the firewall with your IP in
it, so your problem it's hard to solve.

What about just simply make a single nmap SYN connection to port 80?
Nobody logs that and you can know with a sniffer if the host it's up.
The same it's applicable to any port you want. Or try a closed port
and wait with the sniffer to see if it answers an ICMP response.


--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"