ICMP Internet Control Message Protocol

Source: Internet
Author: User
Tags bit set

ICMP is (Internet Control message Protocol) Internet controlled message protocol. It is a sub-protocol of the TCP/IP protocol family that is used to pass control messages between IP hosts and routers. The control message refers to the message that the network is not accessible, whether the host is available, whether the route is available, and so on. These control messages, while not transmitting user data, play an important role in the delivery of user data.

Chinese name
Icmp
Foreign names
Internet Control Message Protocol
Type
Control Message Protocol
Protocol family
TCP/IP protocol family
Belonging
Network Layer Protocol
Role
transferring control information between the host and the router
Directory
    1. 1 Definitions
    2. 2 Protocol Content
    3. 3 Importance
    1. 4 Check Algorithm
    2. 5 defending against attacks
    3. 6 Defense Methods
    1. 7 ICMP type
Defining the ICMP protocol is a non-connection-oriented protocol for transmitting error reporting control information. It is a very important protocol, it is very important for network security. [1] It is a sub-protocol of the TCP/IP protocol family, belonging to the Network layer protocol, mainly used to transfer control information between the host and the router, including reporting errors, Exchange restricted control and status information. ICMP messages are automatically sent when the IP data cannot be accessed, the IP router cannot forward packets at the current transfer rate, and so on. The ICMP packet is =1 the value of the Header Protocol Type field (Protocol 8bit) in the IP frame structure. As shown, the ICMP packets have a 8-byte-long header, where the first 4 bytes are in a fixed format, contain 8-bit type fields, 8-bit code fields, and 16-bit checksums The following 4 bytes take a different value depending on the type of ICMP packet.ICMP message FormatICMP principleICMP provides consistent and understandable error reporting information. The sent error message is returned to the device that sent the original data, because only the sending device is the logical recipient of the error message. The sending device can then determine the type of error that occurred based on the ICMP message and determine how to better resend the failed packet. But the only feature of ICMP is to report a problem instead of correcting the error, and the task of correcting the error is done by the sender. We often use ICMP protocols in the network, such as the ping that we use frequently to check for network access (both Linux and Windows), and this "Ping" process is actually the process of working with the ICMP protocol. There are other network commands, such as the TRACERT command for tracking routes, which are also based on the ICMP protocol. Protocol content The full name of ICMP is Internet Control Message Protocol. From a technical point of view.ICMP Common Typessaid that ICMP is a "false detection and return mechanism", the purpose is to enable us to detect the network connection status, but also to ensure the accuracy of the connection, the main functions are: · Detects if the remote host is present. Establish and maintain routing data. Redirect The data transfer path (ICMP redirect). Data flow control. ICMP in communication, mainly through the different categories (type) and code to let the machine to identify different connection conditions. The common categories listed in the following table:icmp are very useful protocols, especially when we want to make a judgment on the state of the network connection. The importance of ICMP protocol is very important for network security. The ICMP protocol itself is a specialICMP Common TypesPoint determines how easily it can be used to attack routers and hosts on the network. For example, in August 1999 Hisense Group "reward" 500,000 yuan test firewall process, its firewall suffered more than 334,050 ICMP attacks, accounting for the total number of attacks more than 90%! Visible, the importance of ICMP can never be ignored! For example, a "Ping of Death" (Ping of Death) attack can be initiated to the host, using the maximum size of the ICMP packet specified by the operating system not exceeding 64KB. The principle of the "Ping of death" attack is that if the size of the ICMP packet exceeds the 64KB limit, the host will have a memory allocation error, causing the TCP/IP stack to crash, causing the host to panic. (The operating system has canceled the limit of the size of the sending ICMP packet, which resolves the vulnerability) Additionally, sending ICMP packets to the target host for long periods of time, continuously, and in large quantities can eventually paralyze the system. A large number of ICMP packets can form an "ICMP Storm", which makes the target host spend a lot of CPU resources processing. The following code for the validation algorithm is passed through debugging under visual Studio + Windows 7. LPSZ specifies the header address of the packet to be computed, _dwsize specifies the length of the packet. int Calcchecksum (char* lpsz,dword _dwsize) {int DWSIZE;__ASM//embed assembly {mov ecx,_dwsizeshr ecx,1xor ebx,ebxmov esi,lpszread: All word added, save to EBX register LODSWMOVZX eax,axadd ebx,eaxloop readtest _dwsize,1//Verify data is an odd digit JZ calclodsbmovzx eax,aladd ebx, Eaxcalc:mov EAX,EBX//high and low bits added and eax,0ffffhshr ebx,16add eax,ebxnot Axmov dwsize,eax}return dwsize;} Defend against attacks although the ICMP protocol gives hackers the opportunity, but the ICMP attack is not no medicine to cure. As long as in the daily network management, prepare ahead of time, you can effectively avoid the damage caused by the ICMP attack. There are two ways to protect against the "Ping of Death" attack: The first method is to limit the bandwidth of the ICMP packets on the router and control the bandwidth of the ICMP to a certain extent, so that even with ICMP attacks, it consumes very limited bandwidth. The impact on the whole network is very small; the second methodis to set the processing rules for ICMP packets on the host, preferably by setting the Deny all ICMP packets. There are two ways to set up ICMP packet processing rules, one is to set packet filtering on the operating system, and the other is to install a firewall on the host. The settings are as follows: 1. Setting up ICMP filtering in Windows $ server provides the Routing and Remote Access service, but is not started by default, so start it first: Tap Routing and Remote Access in Administrative tools, and start the Setup wizard. Select the "Manually configure Server" entry and click the [Next] button. After a moment, the system will prompt that the Routing and Remote Access service is now installed. Do you want to start the service? , click the [Yes] button to start the service.Figure 1After the service starts, a "IP routing" will appear under the branch of the computer name, click on it to expand the branch, and then click "General", which will appear on the right side of the server's network connection (ie network card). Right click on the network connection you want to configure, click "Properties" in the pop-up menu, a window with the properties of the network connection will pop up, as shown in 1. There are two buttons in Figure 1, one is "input filter" (that is, filter the packets accepted by this server), and the other is "Output filter" (that is, filtering the packets sent by this server), here you should click the [Input Filter] button, a "Add Filter" window pops up, and then click the [Add] button. Indicates that you want to add a filter condition. Select ICMP in the drop-down list to the right of protocol and enter "255" in the ICMP type and ICMP encoding that appears, representing allFigure 2The ICMP type and its encoding. There are many different types of ICMP (ping is a type), and each type has many different states, denoted by different "encodings". Because of the complexity of its type and coding, it is no longer described here. When you click the [OK] button to return to the Input filter window, you will find one more item in the filter list (2). Click the [OK] button to return to the "Local Area Connection" window, then click the [OK] button, then the filter is in effect, and ping the host from the other computer will not succeed.Figure 32. Setting ICMP filtering with a firewall many firewalls have the ability to enable ICMP filtering by default. If not enabled, just check "protect against ICMP attacks" and "prevent others from pinging with Ping", as shown in 3. Defense method Select the appropriate firewall to effectively prevent ICMP attacks, the firewall should have stateful detection, detailed packet integrity check and good filtering rules control function. The stateful detection firewall dynamically allows the response information of out-of-Office packets to enter the network protected by the firewall by tracking its connection status. For example, the stateful inspection firewall can record an outgoing ping (ICMP echo Request), and in the next deterministic time period, the ICMP echo reply that allows the target host to respond is sent directly to the IP that was preceded by the Ping, in addition to the other ICMP Echo Reply messages will be blocked by the firewall. In contrast, a firewall of the packet filtering type allows all ICMP Echo reply messages to enter the network protected by the firewall. Many routers and Linux-based kernel 2.2 or previous versions of firewall systems are packet-filtered, and users should avoid selecting these systems. New attacks are constantly emerging, and firewalls can only prevent known attacks from being far from enough. Firewalls prevent known and unknown Dos attacks by carefully analyzing all the packets and removing the illegal packets. This requires that the firewall be able to check packet consistency. The security policy requires granular control over ICMP. The firewall should therefore allow filtering of the ICMP type, code, and packet size, and the ability to control the connection time and the rate at which the ICMP packets are generated. Configuring firewalls to prevent attacks once the appropriate firewall is selected, the user should configure a reasonable security policy. The following are commonly accepted firewall security configuration conventions that make it possible for administrators to weigh in on system security and ease of use. The firewall should enforce a default deny policy. All ICMP message types should be blocked except for outbound ICMP Echo Request, outbound ICMP Source quench, inbound TTL exceeded, and inbound ICMP Destination unreachable. ICMP type This is a complete list of ICMP types: Table C-1. ICMP type
TYPE CODE Description Query Error
0 0 echo reply--echoing response (ping answer) X  
3 0 Network unreachable--networks not up to   X
3 1 Host unreachable--hosts not up to   X
3 2 Protocol unreachable--protocol not reached   X
3 3 Port unreachable--Unreachable   X
3 4 Fragmentation needed but no frag. Bit set--needs to be fragmented but set not to shard bits   X
3 5 Source routing failed--Origin station routing failure   X
3 6 Destination Network unknown--Destination Unknown   X
3 7 Destination Host unknown--Destination Unknown   X
3 8 Source host isolated (obsolete)--The Origin master is quarantined (obsolete)   X
3 9 Destination Network Administratively prohibited--purpose networks are banned   X
3 10 Destination Host administratively prohibited--destination hosts are forced to prohibit   X
3 11 Network unreachable for tos--Networks unreachable due to service type TOS   X
3 12 Host unreachable for tos--due to service type TOS, hosts unreachable   X
3 13 Communication administratively prohibited by filtering--due to filtering, communication is forced to prohibit   X
3 14 Host precedence violation--mainframe ultra vires   X
3 15 Precedence cutoff in effect--priority abort effective   X
4 0 SOURCE quench--is closed (basic flow control)    
5 0 Redirect for network--Network redirection    
5 1 Redirect for host--host redirection    
5 2 Redirect for TOS and network--on service type and network redirection    
5 3 Redirect for TOS and host--to service type and host redirection    
8 0 echo request--echoing request (ping request) X  
9 0 Router advertisement--Router Advertisement    
10 0 Route solicitation--Router Request    
11 0 TTL equals 0 during transit--lifetime of 0 during transmission   X
11 1 TTL equals 0 during reassembly--time to live 0 during datagram assembly   X
12 0 IP header Bad (catchall error)-The wrong IP header (including various errors)   X
12 1 Required options missing--Missing required option   X
13 0 Timestamp request (OBSOLETE)-timestamp requests (obsolete) X  
14   Timestamp reply (OBSOLETE)--timestamp reply (void not used) X  
15 0 Information request (OBSOLETE)--Requests for information (void unused) X  
16 0 Information reply (OBSOLETE)--Information response (void unused) X  
17 0 Address mask request--Addressing masks request X  
18 0 Address Mask reply--addresses masked answer    
more Atlas of the term bookEntry picture(8)
Resources
  • 1. Shehiren . Computer Network (fifth Edition): Electronic Industry Press, 2008: Chapter Fourth

ICMP Internet Control Message Protocol

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.