ICMP and Ping
What is ICMP, and what does Ping mean? And what are the implications for computer security?
Here is a bit of information on ICMP and Ping. ICMP stands for Internet Control Message Protocol, one of the most important protocols part of the Internet protocol suite. The purpose of ICMP is to send ICMP requests and receive good condition messages and error messages. Basically, ICMP packets are being sent to a remote computer or router, and the computer may respond with another ICMP packet, and therefore the status of this computer our router can be verified. Of course, there are other uses of ICMP, including temporarily modifying routes for network packets and more.
Ping, on the other hand, is an utility that can be used to send ICMP Echo Request messages to a remote computer and determine whether the computer is active and also verify the reliability of the connection, based on ICMP Echo response messages received, and through measuring the time it takes for network packets to get to that remote host and backwards.
The ICMP protocol is not a security problem by itself, however it can provide an attacker with additional information about a computer. Basically, an attacker can use ICMP to ping remote computers and determine whether they are active or not. You may want to disable ICMP completely on your external IP address, so your computer does no longer respond to ICMP messages from the Internet, and in this way you can hide your computer presence, at least via the ICMP protocol. However, please note that ICMP Echo messages are used by many ISP's for automatic verification of Internet connection status for their clients, and therefore this may interfere with automatic monitoring of your Internet connection and you may receive calls from your ISP as to finding out what's wrong with your connection. In such cases, you may ask your ISP which are the IP ranges used for their montioring tools, and then disable ICMP for everyone but those IP ranges, through a special added rule in your firewall.
Please note that ICMP redirects are sometimes used to get access to other networks through your local network; it is recommended to disable ICMP redirect on Windows machines, an option that is enabled by default in all Windows installations.
Here is a bit of information on ICMP and Ping. ICMP stands for Internet Control Message Protocol, one of the most important protocols part of the Internet protocol suite. The purpose of ICMP is to send ICMP requests and receive good condition messages and error messages. Basically, ICMP packets are being sent to a remote computer or router, and the computer may respond with another ICMP packet, and therefore the status of this computer our router can be verified. Of course, there are other uses of ICMP, including temporarily modifying routes for network packets and more.
Ping, on the other hand, is an utility that can be used to send ICMP Echo Request messages to a remote computer and determine whether the computer is active and also verify the reliability of the connection, based on ICMP Echo response messages received, and through measuring the time it takes for network packets to get to that remote host and backwards.
The ICMP protocol is not a security problem by itself, however it can provide an attacker with additional information about a computer. Basically, an attacker can use ICMP to ping remote computers and determine whether they are active or not. You may want to disable ICMP completely on your external IP address, so your computer does no longer respond to ICMP messages from the Internet, and in this way you can hide your computer presence, at least via the ICMP protocol. However, please note that ICMP Echo messages are used by many ISP's for automatic verification of Internet connection status for their clients, and therefore this may interfere with automatic monitoring of your Internet connection and you may receive calls from your ISP as to finding out what's wrong with your connection. In such cases, you may ask your ISP which are the IP ranges used for their montioring tools, and then disable ICMP for everyone but those IP ranges, through a special added rule in your firewall.
Please note that ICMP redirects are sometimes used to get access to other networks through your local network; it is recommended to disable ICMP redirect on Windows machines, an option that is enabled by default in all Windows installations.
This information is provided without any warranties of any kind. Use it at your own risk. Terms and conditions