ICMP types used in attacks
What are the most common ICMP packet types used in attacks?
(I'm looking to block them off with the REJECT flag)
AFAIK the main ICMP usage in DoS attacks is (spoofed source address) echo requests to a (remote subnet) broadcast addr to build up amplification (smurfing). I think it's best to try to see restricting ICMP usage as a small part in the larger security framework which consists of (not having those ancient services running in the first place) sysctl values, address filtering, rate limiting and blocking or restricting some ICMP type usage (traceroute (TTL), redirection). Please also note ICMP is an error reporting protocol so blocking everything definitely isn't a Good Thing to do.
For more, please see the 1st thread in this forum, post #2 under DoS and DDoS and also look at Robert Graham's Firewall FAQ as it has a good piece of information on ICMP. HTH.
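An added example, not part of either post: one way to combine the sysctl values, rate limiting and per-type filtering mentioned above on a Linux host, while still letting ICMP error reports through. The chain name `ICMP_IN`, the default rate and the burst value are assumptions; the script only prints configuration text and applies nothing.

```shell
#!/bin/sh
# Added example: prints a sysctl fragment and an iptables-restore ruleset.
# Nothing is applied; review the output before loading it.

# Kernel settings: ignore pings sent to broadcast addresses (the smurf
# amplification case) and neither accept nor send ICMP redirects.
icmp_sysctl() {
    cat <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
}

# Ruleset for the filter table. $1 is the echo-request rate (assumed
# default 5/second). Error-reporting types stay open because path MTU
# discovery and traceroute depend on them; echo requests are rate
# limited; every other type, redirects included, hits the final DROP.
icmp_rules() {
    rate="${1:-5/second}"
    cat <<EOF
*filter
:ICMP_IN - [0:0]
-A INPUT -p icmp -j ICMP_IN
-A ICMP_IN -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ICMP_IN -p icmp --icmp-type time-exceeded -j ACCEPT
-A ICMP_IN -p icmp --icmp-type parameter-problem -j ACCEPT
-A ICMP_IN -p icmp --icmp-type echo-reply -j ACCEPT
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit $rate --limit-burst 10 -j ACCEPT
-A ICMP_IN -j DROP
COMMIT
EOF
}

# Stand-alone run: print both fragments for review.
icmp_sysctl
icmp_rules "$@"
```

The ruleset output is meant for `iptables-restore --noflush`, so existing rules in the filter table are left in place.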
Well Nessus just lists following when doing a scan:
Quote:
Quote: