ICMP The role of the agreement

ICMP yes “Internet Control Message Protocol”(Internet Control message protocol ) Abbreviation . It is TCP/IP A sub protocol of the protocol family , Used in IP host 、 Routing control messages between routers . Control message means that the network is not accessible 、 Whether the host can reach 、 Whether the route is available and so on . Although these control messages do not transmit user data , But it plays an important role in the transmission of user data .

In the network, we often use ICMP agreement , It's just imperceptible . For example, it is often used to check whether the network is connected Ping command , This “ping” The process is actually ICMP The process of agreement work . There are other network commands , Such as tracking route Tracert Commands are also based on ICMP Agreed .

ICMP Protocol is very important for network security .ICMP The characteristics of the protocol itself determine that it is very easy to be used to attack routers and hosts on the network . for example , stay 1999 year 8 In June, a company “ Offer a reward ”50 In the process of 10000 yuan testing firewall , Its firewall suffers ICMP Attack Da 334050 times , Of the total number of attacks 90% above . so ICMP The importance of can never be ignored .

such as , You can use the... Specified by the operating system ICMP The maximum packet size does not exceed 64KB This rule , Initiate... To the host “Ping of Death”( Death Ping) attack .

Ping of Death Attack principle

“Ping of Death” The principle of attack is ： If ICMP The packet size exceeds 64KB At the upper limit , The host will have a memory allocation error , Lead to TCP/IP Stack crash , Cause the host to crash .

Besides , To the target host for a long time 、 continuity 、 Send a lot of ICMP Data packets , It will eventually paralyze the system . a large number of ICMP Packets will form “ICMP The storm ”, It makes the target host consume a lot of CPU Resource processing , Tired of crash .

ping.exe The principle is , To specify the IP Address sends a packet of a certain length , As agreed , If specified IP If the address exists , Will return the same size packet , Of course , If you don't return within a specific time , Namely “ Overtime ”, It is considered that the designated IP The address doesn't exist . because ping It uses ICMP agreement , Some firewall software will block ICMP So sometimes ping The results can only be used as a reference ,ping It doesn't necessarily mean that the other party IP non-existent .

ping Command is a very useful network command , We often use it to test network connectivity . But it's also a double-edged sword , Others use ping Commands can detect a lot of sensitive information on your computer , Cause insecurity . For the sake of safety , prevent ping There are many ways , Like firewalls , Another example is to create a system that prohibits all computers ping This machine IP Address security policy .

because ping It uses ICMP agreement , Some firewall software will block ICMP agreement .IPSec How the security policy “ prevent ping” Of ？ The principle is to create a new IPSec The policy filters all the data in this machine ICMP Data packets . This can really effectively “ prevent ping”, But it will also leave sequelae . because ping Command and ICMP The agreement is closely related .

stay ICMP The protocol application contains 11 A message format , among ping Command is to use ICMP In the agreement “Echo Request” Message to work . but IPSec Security policy prevention ping Use the kill to kill method , Put all the ICMP All messages are filtered , In particular, all messages in other formats are also filtered at the same time . Therefore, in the LAN environment of some special applications , Prone to packet loss , Affect the normal work of users . Therefore, it is recommended to use firewall .