The Network Security. Org

How can attacker use ICMP for reconnaissance?

RFC 792 spelt out the goals and specifications of the Internet Control Message Protocol (ICMP). Basically, it is used as a means to send error messages for non-transient error conditions and to provide a way to query the network in order to determine the general characteristic of the network.

The Internet Protocol (IP) is not designed to be absolutely reliable. The purpose of the ICMP messages is to provide feedback about problems in the communication environment, not to make IP reliable. There are still no guarantees that a datagram will be delivered or a control message will be returned. Some datagrams may still be undelivered without any report of their loss. The higher level protocols that use IP must implement their own reliability procedures if reliable communication is required.

ICMP uses the basic support of IP as if it were a higher level protocol. However, ICMP is actually an integral part of IP and must be implemented by every IP module.

ICMP suppose to be a relatively simple protocol, but it can be altered to act as a conduit for evil purpose. It is therefore important to understand how this protocol can be used for malicious purposes.

This assignment examines how ICMP can be used in a non-convention way, putting itself as a potential threat. We will concentrate on the use of ICMP in a non-convention way rather than the normal use of ICMP. SANS Intrusion Detection FAQ: How can attacker use ICMP for reconnaissance?

More News

• NetWitness releases free version of security software
  



• Three Reasons Why Users Won’t Buy Into Security
  



• Automated security testing & its limitations
  



• How to Use Network Behavior Analysis Tools
  



• The insider security threat in IT and financial services
  



• Top 10 Network Security Threats
  



• Big leap in malicious Web sites
  



• Network security makes a quantum leap
  



• Microsoft Preps 11 Security Bulletins for Patch Tuesday
  



• Practical Defense in Depth
  



• Apple releases another mega-patch for Mac OS X
  



• Security flaw in smart cards poses risk for transit, building access
  



• Free TrojanProof Password Tool Released for Windows
  



• Security scans with OpenVAS
  



• Do ISPs pose a bigger online privacy threat than Google
  



• HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data
  



• Anatomy of a botnet
  



• Microsoft patches 8 critical bugs in Windows, Office
  



• Virtualization users should expect more attacks
  



• Threat From DNS Bug Is not Over, Experts Say