What is ICMP (Internet Control Message Protocol)?
Because IP lacks a built-in method for transmitting error and control messages, error control is provided by the Internet Control Message Protocol (ICMP). It is used for error reporting and management queries. It is a supporting protocol used by network devices such as routers to deliver error messages and operational information, for example when a requested service is unavailable or a host or router cannot be reached.
RFC 792 defines ICMP as part of the Internet Protocol Suite (IPS). ICMP messages are commonly employed for monitoring or control purposes, or in response to failures in IP operations (as specified in RFC 1122). ICMP errors are sent to the source IP address of the original packet.
For example, before forwarding an IP datagram, each machine (such as an intermediate router) decrements the Time To Live (TTL) field in the IP header by one. If the TTL reaches 0, the packet is discarded and an ICMP Time Exceeded (time to live exceeded in transit) message is sent to the datagram’s source IP address.
The Internet Control Message Protocol (ICMP) is a network-layer protocol. ICMP packets are not TCP or UDP packets: ICMP is carried directly inside IP rather than on top of a transport-layer protocol.
ICMP and Ping
Ping is a utility that sends ICMP messages between a host and a target computer to report network connectivity and data relay speed. It is one of the very few cases in which a human interacts directly with ICMP, which is otherwise used for automatic communication between networked computers.
What is ICMP used for?
The primary function of ICMP is to report errors. When two devices communicate over an Internet connection, the Internet Control Message Protocol reports errors to the sending device; if any of the data fails to reach its intended destination, it sends a message saying so.
If a data packet is too large for a router to handle, the router will discard it and send an ICMP response back to the data’s original source. ICMP is also used for network diagnostics; the widely used terminal programs traceroute and ping both rely on it. The traceroute tool shows the path taken between two Internet devices.
A request must transit the routing path, the actual physical chain of connected routers, before it reaches its destination. A ‘hop’ is the leg between two routers, and traceroute also displays the time taken for every hop along the way. This can help to figure out what is causing the network to slow down.
The ping utility is essentially a condensed version of traceroute. A ping measures the speed of the connection between two devices and reports the exact time it takes for a packet of data to travel to its destination and return to the sender’s device. Although ping cannot provide information about routing or hops, it is a very useful statistic for measuring the delay between two devices.
When a ping is executed, ICMP echo-request and echo-reply messages are sent. Unfortunately, network attacks such as the ICMP flood attack and the ping of death attack can take advantage of this process, causing an interruption.
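As an added illustration (not code from the original article), the model below applies the TTL rule described above to show how traceroute recovers each hop: every router decrements TTL, and the router that drives it to 0 answers with Time Exceeded, so probing with TTL 1, 2, 3, ... reveals the path one router at a time. The path, addresses and latencies are constructed; the ICMP type numbers 11 (Time Exceeded) and 0 (Echo Reply) are from RFC 792.

```python
from dataclasses import dataclass

@dataclass
class Router:
    addr: str
    latency_ms: float
    answers_icmp: bool = True   # some hops silently drop expired probes

# Constructed path: three routers in front of the destination host.
PATH = [Router("10.0.0.1", 1.2),
        Router("10.0.1.1", 4.8, answers_icmp=False),
        Router("10.0.2.1", 9.5)]
DESTINATION = "10.0.3.42"
TIME_EXCEEDED, ECHO_REPLY = 11, 0      # ICMP type numbers (RFC 792)

def forward(ttl, path=PATH, destination=DESTINATION):
    """Forward one echo request along the path, applying the TTL rule: every
    router decrements TTL by one and, when it hits 0, discards the datagram and
    returns ICMP Time Exceeded to the source.  Returns (icmp_type, responder,
    round_trip_ms), or None when the responsible hop does not answer."""
    elapsed = 0.0
    for router in path:
        elapsed += router.latency_ms
        ttl -= 1
        if ttl <= 0:
            return (TIME_EXCEEDED, router.addr, 2 * elapsed) if router.answers_icmp else None
    elapsed += 1.0                      # last leg to the destination host
    return (ECHO_REPLY, destination, 2 * elapsed)

def traceroute(max_hops=30, path=PATH, destination=DESTINATION):
    """Probe with TTL 1, 2, 3, ... and record who answered each probe; a hop
    that never answers is reported as '*', as the real tool does."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(ttl, path, destination)
        if reply is None:
            hops.append((ttl, "*", None))
            continue
        icmp_type, addr, rtt = reply
        hops.append((ttl, addr, rtt))
        if icmp_type == ECHO_REPLY:     # destination reached: stop probing
            break
    return hops

if __name__ == "__main__":
    for ttl, addr, rtt in traceroute():
        print(f"{ttl:2d}  {addr:<12} {'*' if rtt is None else f'{rtt:.1f} ms'}")
```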
How does Internet Control Message Protocol work?
ICMP is one of the most important protocols in the IP suite. ICMP, however, is not tied to any transport-layer protocol such as User Datagram Protocol (UDP) or Transmission Control Protocol (TCP). It is a connectionless protocol, which means that a machine does not need to establish a connection with the target device before sending a message. This is in contrast to TCP, which requires a connection to be established before a message can be transmitted, with the TCP handshake confirming that both devices are ready.
Internet Control Message Protocol messages are sent as datagrams: an IP header followed by the ICMP data. A datagram is a self-contained, independent unit of data, similar to a packet.
Think of it as a package carrying a fragment of a larger message across the Internet. IP packets that carry ICMP in the IP data portion are known as ICMP packets. An ICMP error message includes the complete IP header of the original datagram, so that the end system knows which packet failed.
The ICMP header is identified by IP protocol number 1 and comes immediately after the IP packet header. The ICMP header consists of three fields. Together, the Internet Control Message Protocol information and the enclosed Internet Protocol header describe which packet failed and why.
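Added example (not code from the original article): building and parsing ICMP messages as described above, using the three header fields type, code and checksum (RFC 792), verifying the RFC 1071 one's-complement checksum, and pulling the original datagram's IP header out of an error message so the failed packet can be identified. The sample Time Exceeded message and the addresses inside it are constructed.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest_of_header=b"\x00" * 4, payload=b""):
    """type | code | checksum | 4-byte rest of header | payload."""
    body = rest_of_header + payload
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(packet: bytes) -> dict:
    """Return the three header fields plus a checksum verdict; for error
    messages (types 3, 11, 12) also decode the quoted original IP header."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, csum = struct.unpack("!BBH", packet[:4])
    info = {"type": icmp_type, "code": code, "checksum": csum,
            "checksum_ok": internet_checksum(packet) == 0}   # a valid sum verifies to 0
    quoted = packet[8:]
    if icmp_type in (3, 11, 12):
        if len(quoted) < 20:
            raise ValueError("error message lacks the original IP header")
        ihl = (quoted[0] & 0x0F) * 4       # IHL is in 32-bit words
        info["original"] = {
            "src": ".".join(map(str, quoted[12:16])),
            "dst": ".".join(map(str, quoted[16:20])),
            "protocol": quoted[9],
            "first_bytes": quoted[ihl:ihl + 8],   # RFC 792: first 8 bytes of the failed datagram's data
        }
    return info

# Constructed sample: IPv4 header of a UDP probe whose TTL expired (TTL=0,
# protocol 17, header checksum left 0) and its first 8 bytes, as a router quotes them.
ORIGINAL_IP_HEADER = bytes([0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00,
                            0x00, 0x11, 0x00, 0x00,
                            192, 168, 1, 10, 10, 0, 3, 42])
UDP_FIRST8 = struct.pack("!HHHH", 33434, 33434, 40, 0)
TIME_EXCEEDED = build_icmp(11, 0, payload=ORIGINAL_IP_HEADER + UDP_FIRST8)
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-data")
```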
How is Internet Control Message Protocol used in DDoS attacks?
- In an ICMP flood attack
In a ping flood or ICMP flood, an attacker attempts to overwhelm a targeted device with Internet Control Message Protocol echo-request packets. Each packet must be processed and responded to, draining the target’s CPU resources until legitimate users are unable to obtain service.
- In a ping of death attack
A ping of death attack occurs when an attacker sends a ping to a targeted machine that is larger than the maximum permitted size for a packet, causing that system to freeze or crash. The packet is fragmented on its way to the destination, and when the fragments are reassembled there to the original, maximum-exceeding size, the volume of data causes a buffer overflow.
Today the ping of death attack is largely a thing of the past. However, some older networking equipment may still be vulnerable to it.
- In a Smurf attack
In a Smurf attack, an attacker transmits an Internet Control Message Protocol packet with a spoofed source IP address. The victim’s network equipment responds by sending replies to the spoofed address, flooding the target device with unwanted ICMP packets. Like the ‘ping of death,’ the Smurf attack is achievable today only where legacy equipment is still in use.
Internet Control Message Protocol is not the only network-layer protocol employed in layer 3 DDoS attacks. GRE packets, for example, have also been used by attackers in the past.
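As an added, defender-side example (not from the original article), the detector below flags the three ICMP abuses described above from a stream of packet records: an echo-request rate to one destination above a threshold (flood), echo requests addressed to a broadcast address (the Smurf amplification pattern), and a fragment whose offset plus length exceeds the 65,535-byte IPv4 maximum (ping of death). The records, addresses, the 100-per-second threshold and the 192.168.1.0/24 local network are constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

ECHO_REQUEST = 8
FLOOD_THRESHOLD = 100    # echo requests per destination per window (assumed tuning)
WINDOW_S = 1.0
IP_MAX_LEN = 65535       # largest reassembled IPv4 datagram the 16-bit length allows
LOCAL_NET = ip_network("192.168.1.0/24")                  # assumed local network
BROADCASTS = {LOCAL_NET.broadcast_address, ip_address("255.255.255.255")}

class IcmpAnomalyDetector:
    """Records are dicts: ts (s), src, dst, type (ICMP type of the datagram, taken
    from its first fragment), frag_offset (IP fragment offset in 8-byte units)
    and length (bytes of this fragment)."""
    def __init__(self):
        self.recent = defaultdict(deque)   # dst -> timestamps of recent echo requests
        self.alerts = []

    def observe(self, rec):
        # Ping of death: a fragment that would reassemble beyond the IP maximum
        if rec["frag_offset"] * 8 + rec["length"] > IP_MAX_LEN:
            self.alerts.append(("oversize_fragment", rec["src"], rec["dst"]))
        if rec["type"] != ECHO_REQUEST:
            return
        # Smurf: an echo request aimed at a broadcast address invites amplified replies
        if ip_address(rec["dst"]) in BROADCASTS:
            self.alerts.append(("broadcast_echo", rec["src"], rec["dst"]))
        # Flood: sliding one-second window of echo requests per destination
        q = self.recent[rec["dst"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > WINDOW_S:
            q.popleft()
        if len(q) == FLOOD_THRESHOLD:       # alert once, when the threshold is crossed
            self.alerts.append(("icmp_flood", None, rec["dst"]))

def run_detector(records):
    det = IcmpAnomalyDetector()
    for rec in records:
        det.observe(rec)
    return det.alerts

def sample_records():
    """Constructed traffic: one normal ping, a 120-packet burst from many spoofed
    sources, a probe to the subnet broadcast, and an oversize final fragment."""
    def rec(ts, src, dst, off=0, ln=64):
        return dict(ts=ts, src=src, dst=dst, type=ECHO_REQUEST, frag_offset=off, length=ln)
    recs = [rec(0.0, "10.0.0.5", "10.0.0.9")]
    recs += [rec(1.0 + i * 0.005, f"203.0.113.{i % 50}", "10.0.0.9") for i in range(120)]
    recs.append(rec(3.0, "10.0.0.9", "192.168.1.255"))
    recs.append(rec(4.0, "10.0.0.7", "10.0.0.9", off=8189, ln=1500))
    return recs
```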