ICMP is an important protocol for proper communication between servers and networks. It is heavily used by routers, as well as by clients and servers (network endpoints), to determine network errors and availability and to gather performance statistics through various types of ICMP packets.

Beyond this regular usage, there are cases where ICMP packets can be used to attack a network. Although this type of problem is not common today, it still happens. One such case is the ICMP redirect, or ICMP Type 5 packet. Routers use ICMP redirects to specify better routing paths out of a network, based on the host's choice, so they affect the way packets are routed to their destinations. Through ICMP redirects, a host can find out which networks can be reached from the local network and which router to use for each of them. The security problem is that ICMP packets, including ICMP redirects, are extremely easy to fake, so an attacker can forge ICMP redirect packets with little effort. The attacker can then alter your host's routing table and divert traffic towards external hosts over a path of his or her choice; the new path is kept active by the router for 10 minutes. Because of this risk, it is still recommended practice to disable ICMP redirect messages on all public interfaces.
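To see whether redirects reaching a host look legitimate, captured packets can be screened. The Python sketch below is an added example, not part of the original article: it parses an IPv4 ICMP Type 5 packet (layout per RFC 792) and applies the two sanity checks that RFC 1122 describes for hosts. The function names, addresses and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import socket
import struct

ICMP_REDIRECT = 5  # ICMP type 5, RFC 792

def parse_redirect(packet: bytes):
    """Return the fields of an IPv4 ICMP redirect, or None for any other packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:  # IPv4, proto 1 = ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    # 8-byte ICMP header, then at least the 20-byte header of the original datagram
    if ihl < 20 or len(icmp) < 28 or icmp[0] != ICMP_REDIRECT:
        return None
    return {
        "sender": socket.inet_ntoa(packet[12:16]),
        "code": icmp[1],
        "new_gateway": socket.inet_ntoa(icmp[4:8]),
        "redirected_dst": socket.inet_ntoa(icmp[24:28]),  # dst of the original datagram
    }

def findings(info: dict, default_gateway: str, local_net: str) -> list:
    """Reasons to distrust a redirect; an empty list means it passed both checks."""
    reasons = []
    if info["sender"] != default_gateway:
        reasons.append("sender is not the configured gateway")
    if ipaddress.ip_address(info["new_gateway"]) not in ipaddress.ip_network(local_net):
        reasons.append("new gateway is off the local subnet")
    return reasons

def sample_packet(sender, new_gw, host="192.0.2.10", dst="198.51.100.7"):
    """Constructed sample bytes for the checks (checksums left zero, never sent)."""
    def ip_header(proto, length, src, dst_ip):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, 64, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst_ip))
    inner = ip_header(17, 28, host, dst) + bytes(8)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, socket.inet_aton(new_gw)) + inner
    return ip_header(1, 20 + len(icmp), sender, host) + icmp

if __name__ == "__main__":
    # Constructed cases: one from the configured gateway, one from an unexpected sender
    for sender, gw in [("192.0.2.1", "192.0.2.254"), ("192.0.2.66", "203.0.113.5")]:
        info = parse_redirect(sample_packet(sender, gw))
        print(info, findings(info, "192.0.2.1", "192.0.2.0/24"))
```

Passing both checks does not make a redirect trustworthy, since the sender address can itself be forged; the checks only surface the obvious cases.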

ICMP redirects are enabled by default in Windows. To disable them, you need to edit the Windows Registry and change the default value for ICMP redirects.

Disable ICMP redirects in Windows

Click Start > Run, enter "regedit" and click OK.

This opens the Windows Registry Editor. In the left pane, navigate to the following key:


Now, in the right pane, double-click the "EnableICMPRedirect" DWORD, change the value to "0" and click OK.

That's it. This disables ICMP redirects in Windows.

