ICMP
02
Ping is one of the best-known diagnostic tools based on ICMP. It sends ICMP echo requests to a target device (host) and waits for echo responses. This makes it possible to test the reachability of a device in the network and to measure the round trip time (RTT), i.e. the time it takes for a packet to reach its destination and return. Ping is a simple but effective diagnostic tool for checking the network connection and latency and is usually executed as a console command.
Traceroute is another ICMP-based diagnostic tool. It determines the path that packets take through a network to reach their destination. It sends packets with incrementally increasing time-to-live (TTL) values. Each router on the path decrements the TTL by one and, when the TTL reaches zero, discards the packet and responds with a “Time Exceeded” ICMP message. These responses allow Traceroute to map the route and measure the round trip time to each hop. Traceroute thus provides detailed information about all intermediate stations (hops) between source and destination and helps to identify bottlenecks or faulty links in the network.
03
ICMP uses various packet types to report network errors and perform diagnostics. The ICMP packet types are assigned by the Internet Assigned Numbers Authority (IANA). The most important ICMP packet types include:
Type 0: Echo Reply - Reply to an echo request to check the reachability of a host
Type 3: Destination Unreachable - Informs the sender that a destination address is unreachable. Various codes indicate specific reasons, e.g. network or host unreachable.
Type 4: Source Quench (deprecated) - Asks the sender to reduce its transmission rate.
Type 5: Redirect - Instructs a host to use a better route to a destination via another router.
Type 8: Echo Request - Used in the ping command to test the reachability of a host.
Type 9: Router Advertisement - Routers regularly send information about themselves to hosts in the network.
Type 10: Router Solicitation - Hosts send this request to prompt routers to send Router Advertisement messages immediately.
Type 11: Time Exceeded - Indicates that the time to live (TTL) of a packet has expired before it could reach its destination.
Type 12: Parameter Problem - Reports problems with the header of a received packet.
Type 13: Timestamp - Allows a host to request the current time from another host.
Type 14: Timestamp Reply - Reply to a type 13 request, carrying the requested time information.
04
Attackers misuse properties of ICMP to overload network infrastructure. In addition to the ICMP flood, the most common attack types include the smurf attack and the ping of death. ICMP, which was designed primarily for network diagnostics, has several weaknesses that attackers can exploit. One of the most significant is the lack of authentication of ICMP messages, which allows attackers to send forged packets.
To protect themselves against ICMP attacks, organizations should take the following measures:
Monitor ICMP traffic volumes: unusually high volumes of ICMP traffic may indicate an ongoing attack.
With rate limiting, network administrators can cap the number of ICMP packets accepted per unit of time and so limit the impact of malicious ICMP traffic.
By using and properly configuring firewall instances, ICMP traffic from unknown or malicious sources can be blocked.
Dedicated DDoS protection solutions defend networks and infrastructures effectively and in real time against ICMP flood attacks and other threats from malicious traffic flows.
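As an added example (not code from the original page), the following Python script ties sections 03 and 04 together: it decodes the ICMP header and labels the type using the numbers listed above, verifies the RFC 1071 checksum, and then applies a simple per-source rate check to a constructed packet capture to flag an echo-request flood. The capture format (timestamp, source IP, raw ICMP bytes) and the threshold of 100 echo requests per second are assumptions for illustration.

```python
import struct

# ICMP type numbers as listed in section 03 (IANA assignments), used to label parsed headers.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
              8: "Echo Request", 9: "Router Advertisement", 10: "Router Solicitation",
              11: "Time Exceeded", 12: "Parameter Problem", 13: "Timestamp", 14: "Timestamp Reply"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words (odd byte zero-padded), complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Echo Request (type 8) or Echo Reply (type 0) with the checksum filled in."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]

def parse_icmp(packet: bytes) -> dict:
    """Decode type and code from the 8-byte header; a valid message checksums to zero."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code = packet[0], packet[1]
    return {"type": icmp_type, "code": code, "name": ICMP_TYPES.get(icmp_type, "other"),
            "checksum_ok": icmp_checksum(packet) == 0}

def flood_sources(events, window_s=1.0, threshold=100):
    """events: (timestamp, src_ip, raw_icmp). Return the sources that sent more than
    `threshold` well-formed Echo Requests inside any single window_s-second bucket."""
    counts = {}
    for ts, src, raw in events:
        hdr = parse_icmp(raw)
        if hdr["type"] == 8 and hdr["checksum_ok"]:    # count only genuine echo requests
            key = (src, int(ts // window_s))
            counts[key] = counts.get(key, 0) + 1
    return {src for (src, _), n in counts.items() if n > threshold}

def sample_events():
    """Constructed capture: 150 pings within 0.75 s from one host, 5 pings over 5 s from another."""
    ev = [(i * 0.005, "192.0.2.10", build_echo(8, 0x1234, i)) for i in range(150)]
    ev += [(float(i), "192.0.2.20", build_echo(8, 0x0042, i)) for i in range(5)]
    return ev

if __name__ == "__main__":
    print(flood_sources(sample_events()))   # {'192.0.2.10'}
```

Only packets with a valid checksum and type 8 are counted, so malformed junk does not inflate a source's rate; in a real deployment the events would come from a capture or flow export rather than the constructed list.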