Information, Computer and Network Security Terms Glossary and
ICMP is used by the IP layer to send one-way informational messages to a host. ICMP carries no authentication, so an attacker can forge ICMP messages that cause a denial of service or redirect traffic through a host the attacker controls. The main types of attack associated with ICMP are the following:
- ICMP DoS attack: The attacker uses either the ICMP "Time exceeded" or "Destination unreachable" message. Both of these ICMP messages can cause a host to immediately drop a connection, so an attacker only has to forge one of them and send it to one or both of the communicating hosts to break their connection. The ICMP "Redirect" message is normally sent by gateways when a host has mistakenly assumed that a destination is not on the local network. If an attacker forges an ICMP "Redirect" message, it can cause another host to send the packets of certain connections through the attacker's host.
- ICMP packet magnification (or ICMP Smurf): An attacker sends forged ICMP echo packets to vulnerable networks' broadcast addresses. All the systems on those networks send ICMP echo replies to the victim, consuming the target system's available bandwidth and creating a denial of service (DoS) to legitimate traffic.
- Ping of death: An attacker sends an ICMP echo request packet that's larger than the maximum IP packet size. Since the received ICMP echo request packet is larger than the normal IP packet size, it's fragmented. The target can't reassemble the packets, so the OS crashes or reboots.
- ICMP PING flood attack: A broadcast storm of pings overwhelms the target system so it can't respond to legitimate traffic.
- ICMP nuke attack: Nukes send a packet of information that the target OS can't handle, which causes the system to crash.
ICMP Attacks Mitigation
Most ICMP attacks can be effectively reduced by deploying firewalls at critical points of a network to filter unwanted ICMP traffic and traffic from untrusted sources. In addition, to keep a reasonable balance between services and security, you should configure the ICMP handling on your network devices as follows:
- Allow ping: ICMP Echo-Request messages outbound and Echo-Reply messages inbound.
- Allow traceroute: TTL-Exceeded and Port-Unreachable messages inbound.
- Allow path MTU discovery: ICMP Fragmentation-Needed (DF set) messages inbound.
- Block all other types of ICMP traffic.
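The filtering policy above, modelled as an added example that is not part of this glossary: a small Python classifier that parses a raw ICMP message, verifies its checksum and returns ACCEPT or DROP for the given direction. The direction names "in"/"out", the helper names and the sample packets are constructed for illustration.

```python
import struct

# Policy from the glossary entry: direction -> allowed (type, code) pairs.
# A code of None means "any code" for that ICMP type.
ALLOWED = {
    "out": {(8, None)},          # ping: Echo-Request outbound
    "in": {(0, None),            # ping: Echo-Reply inbound
           (11, None),           # traceroute: TTL-Exceeded inbound
           (3, 3),               # traceroute: Port-Unreachable inbound
           (3, 4)},              # path MTU: Fragmentation-Needed, DF set, inbound
}

def icmp_checksum(data):
    """RFC 1071 one's-complement sum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00\x00\x00\x00", payload=b""):
    """Construct a sample ICMP message (type, code, checksum, 4 bytes 'rest of header')."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(body)) + rest + payload

def filter_icmp(direction, packet):
    """Return (verdict, reason) for a raw ICMP message travelling in 'in' or 'out' direction."""
    if len(packet) < 8:
        return "DROP", "truncated ICMP header"
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    # Summing a valid message including its own checksum field folds to 0xFFFF, so ~sum == 0.
    if icmp_checksum(packet) != 0:
        return "DROP", "bad checksum"
    allowed = ALLOWED.get(direction, set())
    if (icmp_type, None) in allowed or (icmp_type, code) in allowed:
        return "ACCEPT", "type %d code %d permitted %sbound" % (icmp_type, code, direction)
    return "DROP", "type %d code %d not permitted %sbound" % (icmp_type, code, direction)

if __name__ == "__main__":
    # Constructed samples: an inbound Redirect (type 5) and an inbound Echo-Request are dropped,
    # an inbound Fragmentation-Needed (type 3, code 4) is accepted.
    for direction, pkt in [("in", build_icmp(5, 1, b"\x0a\x00\x00\x01")),
                           ("in", build_icmp(8, 0)),
                           ("in", build_icmp(3, 4, b"\x00\x00\x05\xdc"))]:
        print(direction, filter_icmp(direction, pkt))
```

This is a stateless model of the policy; a stateful firewall additionally ties each inbound Echo-Reply or error message to a matching outbound request or connection, which is what stops forged "Destination unreachable" and "Time exceeded" messages from reaching hosts that never sent anything.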
ICMP, ICMP Attack, Ping Attack, Smurf Attack, PING Flood, Ping of Death