SecurActive blog

ICMP, network administration & security monitoring

What is ICMP?

ICMP stands for Internet Control Message Protocol and is also a common IP transport protocol. It seems pretty explicit, although most people reduce ICMP to ping reply commands, a good way to test whether a host can be reached through a network and how much it takes for a packet to make a round trip through the network…
Obviously ping and trace-route-like tools are very useful for network administrators… but there is much more to say about ICMP and the help it can provide for network administration & diagnosis.
In total, ICMP can … Continue Reading

In the recent weeks, we have heard (or worse we have experienced) a lot about viral threats, Zero day attacks, Conficker and polymorphic worms. Although these concepts designates totally different realities and phenomenons, they have much in common and especially when it comes to the consequences they may have on the security of your IT systems or to the defences we may put in place to mitigate them.
Let’s start by clarifying what they are, what differentiates one from the other and what they have got in common.

What is a zero day attack?

A zero day attack designates … Continue Reading

The DNS (Domain Name System), which has been defined in detail in the RFC #1034 and 1035, is key to the good performance of TCP/IP networks. It works in a hierarchical way; This means that if one of the DNS servers is misconfigured or compromised, all the network, which relies on it, is also impacted. Although the DNS protocol is quite simple, it generates a significant number of issues: configuration issues, which affect the performance of the network as well as security issues, which jeopardize the network integrity.

The purpose of this article is to cover the … Continue Reading