Identifying ICMP Hackery Tools Used In The Wild Today

by Ofir Arkin
Sept. 17, 2017, Symantec

Several tools in the wild today allow an attacker to send crafted ICMP datagrams. Those datagrams can be used for various tasks: host detection, advanced host detection, operating system fingerprinting and more. This article examines whether we can identify the different ICMP hackery tools available in the wild today. If we can identify the tool, we may also be able to identify the underlying operating system, or the set of operating systems, that the tool might be running on. To do so, we rely on the fact that some of these tools inherit certain values from the underlying OS. All of this is done passively, without actively querying the attacker's machine.