Abreviation of Internet Control Message Protocol. The protocol allows for the return propagation of error messages related to IP packets. ICMP is critical to basic network tools like ping and traceroute.
Questions tagged [icmp]
43 questions
125
votes
5 answers
Is it a bad idea for a firewall to block ICMP?
This question was inspired by this answer which states in part:
The generic firewall manifest file finishes off by dropping everything I didn't otherwise allow (besides ICMP. Don't turn off ICMP).
But, is it truly a good practice for a firewall to…
Justin Ethier
- 1,938
- 3
- 14
- 20
53
votes
7 answers
Security risk of PING?
I have been told that PING presents a security risk, and it's a good idea to disable/block it on production web servers. Some research tells me that there are indeed security risks. Is it common practice to disable/block PING on publicly visible…
Mr. Jefferson
- 705
- 1
- 5
- 7
31
votes
6 answers
Is pinging a website essentially the same as visiting the website through a browser?
I was looking at the domain information of a website (poaulpos.net) on who.is that Chrome connects to whenever I visit a specific an old Tech Times article about Thunderstrike 2, a Mac firmware attack ("Thunderstrike 2 Is The Latest Nightmare Of Mac…
oats58459
- 531
- 1
- 4
- 5
9
votes
4 answers
Computer sending unstopped ICMP echo request to an IP
I noticed while hanging in Microsoft Network Monitor that my computer is sending ICMP echo request to an arbitrary IP address 202.39.253.11.
I looked for the owner of this IP and I found it is owned by some Chinese or Taiwanese communication…
Alex Rose
- 91
- 1
- 4
8
votes
1 answer
Can ICMP Redirects still be used to redirect traffic in a LAN?
I tried just tried to migrate a MITM attack using hping3 with ICMP Redirects in my testlab.
hping3 -I eth0 -C 5 -K 1 -a 192.168.2.1 --icmp-ipdst 192.168.2.15 --icmp-gw 192.168.2.100 --icmp-ipsrc 192.168.2.105 192.168.2.105
I'm at 192.168.2.100,…
davidb
- 4,285
- 3
- 19
- 31
6
votes
3 answers
Is there any risk in allowing ping packets *out* through a firewall
The company I'm currently doing work for does not allow ping requests out through their firewall, for "security reasons" and I'm baffled as to why this is a concern.
Before you point me to (e.g.) this question, note that I'm not talking about…
iconoclast
- 407
- 5
- 10
5
votes
1 answer
Investigate compromised Linux server
I'm investigating a server that pings throughout the day to random IPs on the internet. I set up IPtables to log and drop (INPUT & OUTPUT) packets but I still see icmp traffic on the network firewall. I can't seem to track the process that is…
ssvegeta96
- 51
- 3
4
votes
2 answers
ICMP redirects and source routing in the wild?
Theoretically, ICMP redirect messages (IPv4 and IPv6) and source routing (IPv4) / routing headers (IPv6) are very dangerous. However, I'm curious as to if attacks using these features really work in the wild. The issues have been known for a long…
chris
- 3,000
- 14
- 22
3
votes
2 answers
When should I drop a packet with ICMP type 3, code 9 or 10, TCP RST, or TCP ACK?
This answer says there are a few ways of dealing with a blocked packet at a firewall:
At each of these levels a 1st IP packet (and any other protocol
packet as an ESP or AH packet) might receive 4 types of treatment:
the packet is simply dropped…
makerofthings7
- 50,090
- 54
- 250
- 536
3
votes
4 answers
Security risk of allowing ICMP "destination unreachable" packets on AWS
If I configure an Amazon AWS VPC, should I explicitly allow ICMP "destination unreachable" packets inbound? I am wanting the VPC firewall to block everything by default, however does this mean this (potentially) breaks things for DSL traffic? Does…
SilverlightFox
- 33,408
- 6
- 67
- 178
3
votes
1 answer
Is disabling IPv6 an effective workaround for "Bad Neighbor" Vulnerability (CVE-2020-16898)?
CVE-2020-16898 is a remote code execution vulnerability caused by the improper handling of ICMPv6 Router Advertisement packets by Windows TCP/IP stack. Microsoft's recommended workaround is to disable ICMPv6 RDNSS component.
My question is: In my…
Travis Madson
- 51
- 1
3
votes
1 answer
Is ping of death attack specific to ICMP or could it also happen with other transport protocols?
A Ping of Death attack is a denial-of-service (DoS) attack, in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash. The original Ping of…
parii
- 31
- 1
3
votes
1 answer
Continuous ping on google's servers
Using Wireshark, I recently discovered that my computer (running on Windows 10) is sending ping requests to Google's servers. According to wireshark, my computer is sending ICMP requests and receive responses. After rebooting, ping is starting…
Khalgon
- 31
- 1
3
votes
1 answer
How to prevent ICMP redirection produced by a man-in-the-middle
How can I prevent my route to be redirected with redirecting ICMP packets from a man-in-the-middle?
I am specifically looking to avoid someone using ettercap with the -M icmp option. From man ettercap:
icmp (MAC/IP)
This attack…
user123456
- 520
- 1
- 4
- 13
3
votes
1 answer
NMAP discovery scan reporting host offline, pinging the same host gets ICMP responses
I ran an nmap -sn scan on a host, and nmap reported the host as down. I then pinged the same host with ping and got ICMP responses. I'm confused, because I was sure that -sn among other things, did an ICMP echo request.
Output from my two…
Juicy
- 1,407
- 4
- 16
- 31