Disable ICMP Redirect
Here we explain why users should disable ICMP redirect messages and how to do this on the Windows operating system. First, though, note that ICMP is an important protocol for proper communication between servers and/or networks. ICMP is heavily used by routers, as well as by clients and servers (network endpoints), to determine network errors and availability, and to gather performance statistics through various types of ICMP packets.
Beyond this regular usage of ICMP, there are certain cases where ICMP packets can be used to attack a network. Although this type of problem is not common today, there are situations where such problems do happen. This is the case with the ICMP redirect, or ICMP Type 5 packet. ICMP redirects are used by routers to specify better routing paths out of one network, based on the host choice, so they affect the way packets are routed and their destinations. Through ICMP redirects, a host can find out which networks can be accessed from within the local network, and which routers are to be used for each such network. The security problem comes from the fact that ICMP packets, including ICMP redirects, are extremely easy to fake, so it would be rather easy for an attacker to forge ICMP redirect packets. The attacker can then alter your host's routing tables and divert traffic towards external hosts on a path of his/her choice; the new path is kept active by the router for 10 minutes. Because of this and the security risks involved in such a scenario, it is still a recommended practice to disable ICMP redirect messages (ignore them) on all public interfaces. All servers should also be configured to deny all ICMP redirect requests they receive. ICMP redirect messages are used to send packets of data through alternate routes; you do not want anyone to be able to alter the routes and send such packets towards a destination of his/her choice by manipulating your local network and hosts.
One of the ways to disable ICMP redirects is to create static routes on private and public networks; in this way the routes are specified and ICMP redirect messages will not be generated by the local network.
Windows users should be aware that ICMP redirect is enabled by default on such computers. ICMP redirect has been found to be active in default configurations on Windows 2000, Windows 2003 Server and Windows XP. While this is the highest security risk possible, in most cases the recommendation is to disable ICMP redirects on Windows-based computers. This can be done by altering a registry key (please note that editing the registry can be dangerous for your computer and you should really know what you are doing). To disable ICMP redirect on Windows computers, you need to alter the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, setting the EnableICMPRedirect entry to 0 (in most cases it will be set to 1, active, by default).
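One way to apply the registry change described above, as an added example rather than code from the original page: the script reports the current EnableICMPRedirect value and, when run with the hypothetical -Fix switch, backs up the key and sets the value to 0. It assumes an elevated PowerShell session and that the entry is a REG_DWORD; the backup file location is also an assumption.

```powershell
# Added example (not from the original page): audit and disable ICMP redirects.
# Run from an elevated PowerShell session.
param(
    [switch]$Fix   # hypothetical switch: without it the script only reports
)

$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$RegKey = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'  # reg.exe form
$Name   = 'EnableICMPRedirect'

function Get-IcmpRedirectSetting {
    # Returns the configured value, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$current = Get-IcmpRedirectSetting
if ($null -eq $current) {
    Write-Output "$Name is not present; the system default applies."
} else {
    Write-Output "$Name is currently $current."
}

if ($current -eq 0) {
    Write-Output 'ICMP redirects are already disabled. Nothing to do.'
    return
}

if (-not $Fix) {
    Write-Warning 'ICMP redirects are not disabled. Re-run with -Fix to set the value to 0.'
    return
}

# Back up the key first so the change can be reverted with "reg import".
# Assumption: the temp directory is an acceptable place for the backup file.
$backup = Join-Path $env:TEMP ("tcpip-parameters-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $RegKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $RegKey failed; no change was made." }
Write-Output "Backup written to $backup"

# Assumption: the entry is a REG_DWORD. -Force overwrites an existing entry.
New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back and fail loudly if the write did not take effect.
if ((Get-IcmpRedirectSetting) -ne 0) { throw "$Name could not be set to 0." }
Write-Output "$Name is now 0."
# Assumption: a restart may be needed before the TCP/IP stack uses the new value.
```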
This information is provided without any warranties of any kind. Use it at your own risk.
