1. ICMP Spoofing Attacks Dr. Neminath Hubballi IIT Indore © Neminath Hubballi

2. ICMP Basics  ICMP is a protocol often considered to be part of IP layer  Normally used to communicate  Information  Error  IP does not have an error reporting mechanism IIT Indore © Neminath Hubballi

3. ICMP in Layering IIT Indore © Neminath Hubballi

4. ICMP Header IIT Indore © Neminath Hubballi

5. ICMP Types IIT Indore © Neminath Hubballi

6. Routing Tables in Hosts IIT Indore © Neminath Hubballi  In Linux it is maintained at /proc/net/route  On windows machine type route print at the command prompt  It will print the routing table  On the command prompt type route  it will print the routing table

7. Routing Table in Windows

8. ICMP Redirect  A redirect message is sent if the better route to the destination is on the same LAN as host  Essentially packet enters and leave the router from the same interface  Erroneous situations  Indicating a wrong path so that packet always traverses through attacker  A lazy router can reply saying you are the best person to send a packet to person x  Host sends a packet itself – infinitely in loop IIT Indore © Neminath Hubballi

9. ICMP Redirect Courtesy: cisco.com IIT Indore © Neminath Hubballi

10. Redirect Message Format IIT Indore © Neminath Hubballi

11. Protection Against ICMP Redirect  Block ICMP messages  Configure Firewall and Routers to drop ICMP redirect packets /etc/sysctl.conf in Linux  You need to edit the file /etc/sysctl.conf in Linux  Do not accept ICMP redirects  net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0  Accept ICMP redirects only for gateways listed in our default  net.ipv4.conf.all.secure_redirects = 1  Do not send ICMP redirects  net.ipv4.conf.all.send_redirects = 0 IIT Indore © Neminath Hubballi