|
Other Chapter Notes:
[Chapter
One] [Chapter
Two]
[Chapter
Three]
[Chapter Four]
[Chapter Five]
[Chapter Six]
[NID Outline]
[Back
to Notes]
[Home]
|
ICMP
- ICMP
– Internet Control Message Protocol: Method of reporting error
conditions and issuing and responding to simple requests.
- ICMP
Theory
- Why
do you need ICMP?
-
Ping
uses it.
- Provides
a simple means of communicating between hosts or a router and a
host to alert them to some kind of problem.
- Where
does ICMP fit in?
- ICMP
is in the same laver as IP.
- ICMP
is encapsulated in the IP datagram after the IP header.
- Understanding
ICMP
- Has
no port numbers like in TCP and UDP
- ICMP
is in the internet layer, TCP and UDP are in the transport layer.
- For
more ICMP information, go to www.iana.org/assignments/icmp-parameters.
- ICMP
gives no promise of the delivery of the message.
- Almost
every operating system will respond to ICMP requests, requires no
listening ports or services.
- Host
uses ICMP for simple replies and requests and uses it to inform
another host of some kind of error condition.
- Routers
also use ICMP to tell host of some kind of problem.
- Might
tell a host the destination host is unreachable.
- Mapping
Techniques
- Initial
step in reconnaissance attempts to discover the live hosts in a
network
- Attacker
can then send an attack to a live host
- If
mapping is not done, then an attack can get very noisy and will not
be very productive.
- One
of the most common methods of mapping is to issue ICMP echo
requests.
- A
host then responds to an ICMP request with an ICMP echo reply that
it is alive.
- Many
network administrators block ICMP echo requests.
- Tireless
Mapper
- IDS
usually does not issue alerts for individual ICMP echo requests.
- Multiple
requests from the same host would cause there to be an alert.
- Clever
Mapper
|