Ask HN: Is it well known that iOS devices transmit large ICMP echo/replies?
5 points by nickburns 17 days ago | 6 comments
and if so, with what kind of data encapsulated?

i've observed this behavior in packet captures while blocking/unblocking/reblocking ICMP outbound ping.




Can you provide an example from network logs? ICMP packets are plain text readable [0]. What do you see?

> https://en.wikipedia.org/wiki/Internet_Control_Message_Proto...


i've seen what could only appear to be encrypted (read: not human but only machine readable) and fragmented payloads. consecutive packets are sized right up to the apparently negotiated MTU. and it very much appears to be encapsulated extraneous data, meaning completely unrelated to ICMP types 8 and 0.

the most curious part is that the 'connected' server/s replying to my clients are addressed only from Apple's IANA-assigned IPv4 netblock (and presumably from their IPv6 assignments as well).

i would need to set up a new capture as i don't have one documented. but i'm capturing actual packets off the wire, not simply logging.
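
Added example, not part of the thread or any poster's code: one way to summarise what a captured ICMP echo packet contains (size, fragmentation, payload entropy), so that an observation like the one above can be reported with numbers. It assumes raw IPv4 packets with the link-layer header already stripped; the function names, the 1000-byte threshold and the sample packets are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted or compressed data, 0 for constant padding."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_ipv4_icmp(pkt: bytes, big: int = 1000):
    """Summarise one raw IPv4 packet; returns None when it is not IPv4 carrying ICMP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_word = struct.unpack("!H", pkt[6:8])[0]
    offset = (frag_word & 0x1FFF) * 8           # fragment offset in bytes
    body = pkt[ihl:]
    info = {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "fragmented": bool(frag_word & 0x2000) or offset > 0, "icmp_type": None}
    if offset == 0 and len(body) >= 8:
        info["icmp_type"] = body[0]             # 8 = echo request, 0 = echo reply
        payload = body[8:]                      # skip type, code, checksum, id, seq
    else:
        payload = body                          # later fragments carry payload only
    info.update(payload_len=len(payload), entropy=round(shannon_entropy(payload), 2),
                large=len(payload) >= big)
    return info

def build_sample(payload: bytes, frag_word: int = 0, icmp_type: int = 8) -> bytes:
    """Constructed test packet: checksums left at zero, documentation-range addresses."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag_word, 64, 1, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + body

# Constructed inputs, not captured traffic.
ORDINARY = build_sample(bytes(range(56)))       # small patterned ping payload
RANDOMISH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(46))  # 1472 bytes
FIRST_FRAGMENT = build_sample(RANDOMISH, frag_word=0x2000, icmp_type=0)  # MF set, 1500 bytes

if __name__ == "__main__":
    for name, pkt in (("ordinary", ORDINARY), ("first fragment", FIRST_FRAGMENT)):
        print(name, triage_ipv4_icmp(pkt))
```

High entropy only shows the payload is not plain text or padding; compressed data scores the same as encrypted data, and short payloads cannot score above log2 of their length.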


Yes, it is well known. Google "Apple large ping attack debunk"


link?



looking for credible sources only. thanks anyway though.



