How can ICMP packets be misused by an attacker to gain access to internal network resources?
ICMP is one of the main protocols of the IP suite. However, ICMP is not associated with any transport layer protocol, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). It is a connectionless protocol, meaning a device does not need to open a connection with the target device before sending a message. This contrasts with TCP, for example, where a connection must be established through a TCP handshake, confirming that both devices are ready, before a message can be sent.
ICMP messages are transmitted as datagrams and consist of an IP header that encapsulates the ICMP data. A datagram, much like a packet, is a self-contained independent entity of data. Think of it as a package carrying a piece of a bigger message across the network. ICMP packets are IP packets with ICMP in the IP data portion. ICMP messages also contain the entire IP header from the original message, so the end system knows which packet failed.
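The layout described above, as an added example that is not part of the original page: a Python parser that reads an ICMP error message and recovers the quoted original IP header, which is how the end system knows which packet failed. The sample packet, its addresses (documentation ranges) and its ports are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_sample() -> bytes:
    """Constructed sample: a UDP probe from 192.0.2.10 answered with port unreachable."""
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    original = ip_header("192.0.2.10", "198.51.100.7", 17, len(udp)) + udp
    body = struct.pack("!BBHI", 3, 3, 0, 0) + original  # type 3, code 3
    icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ip_header("198.51.100.7", "192.0.2.10", 1, len(icmp)) + icmp

def parse_ip(buf: bytes) -> dict:
    if len(buf) < 20 or (buf[0] & 0x0F) < 5:
        raise ValueError("truncated or malformed IP header")
    return {"ihl": (buf[0] & 0x0F) * 4, "proto": buf[9],
            "src": socket.inet_ntoa(buf[12:16]), "dst": socket.inet_ntoa(buf[16:20])}

def parse_icmp_error(packet: bytes) -> dict:
    outer = parse_ip(packet)
    if outer["proto"] != 1:
        raise ValueError("IP payload is not ICMP")
    icmp = packet[outer["ihl"]:]
    if len(icmp) < 8 or checksum(icmp) != 0:
        raise ValueError("truncated ICMP message or bad ICMP checksum")
    result = {"outer": outer, "type": icmp[0], "code": icmp[1], "original": None}
    # Error types (unreachable, redirect, time exceeded, parameter problem)
    # quote the offending packet's IP header plus the start of its payload.
    if icmp[0] in (3, 5, 11, 12):
        inner = parse_ip(icmp[8:])
        quoted = icmp[8 + inner["ihl"]:]
        if inner["proto"] in (6, 17) and len(quoted) >= 4:
            inner["sport"], inner["dport"] = struct.unpack("!HH", quoted[:4])
        result["original"] = inner
    return result
```

Calling `parse_icmp_error(build_sample())` returns the outer sender, the ICMP type and code, and the source, destination and ports of the packet that triggered the error.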