Trace Route

Introduction

Our last blog examined in detail the error messages that are generated by the ICMP. In this final installment of the series, we look at the applications and the security vulnerabilities that are associated with it.

The Common Applications of the ICMP

There are two common applications, or utilities, that the ICMP is used for, which are as follows:

1) The Traceroute:

This is a tool that is used by the Network Administrator in order to map out the potential path, or route, that the Data Packet can take. In this scenario, empty Data Packets are used to accomplish this task. For example, the initial Data Packet is assigned a TTL value of 0. When the first Router receives this Data Packet, it is dropped, and a corresponding ICMP message is transmitted back to the source computer. This identifies the first Router that will be used in formulating the path for the Data Packets to take. After the initial Data Packet is sent out and answered, the next Data Packet is sent out with a TTL value of 1. When the next Router receives this Data Packet, it decrements the TTL by 1, and the packet is again answered with an ICMP message, thus revealing the identity of the second Router. This entire process repeats, with the TTL of each successive Data Packet raised by 1 and each Router along the way decrementing it by 1, so that the map of the Routers the Data Packets travel through (from the source computer to the destination computer) can be computed. The primary disadvantage of using Traceroute is that it can only be used to map out current and future paths for the Data Packets to take; it cannot be used to look at past paths that the Data Packets have used. The Network Administrator can also take advantage of the following command-line option:

*-j: This allows you to choose the Routers that you want to use when creating a map of the network flow for the Data Packets to take.

2) The Ping:

In this scenario, there are two types of ICMP messages that are used, the Echo Request and the Echo Reply. First, the Echo Request is sent out, and then later, the Echo Reply is transmitted back. This application literally keeps track of the time between these two messages, so that the Network Administrator gets the exact “Round Trip Time” for a Data Packet to reach its destination and return to its point of origin. It is interesting to note here that Ping is the case in which the ICMP generates a message that is not error-related. You can invoke two options here in order to determine the shortest time that a Data Packet can take:

*-j: This command suggests a particular route;

*-k: This command dictates a certain route.
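As an added example that is not part of the original post, the following Python reproduces the Traceroute loop and the Echo Request/Echo Reply exchange described above over a constructed, in-memory network: the messages are encoded as real ICMP Echo Request (type 8), Echo Reply (type 0) and Time Exceeded (type 11) messages with the RFC 1071 checksum, and the probing side accepts a hop only when the quoted identifier and sequence match its own probe. The router addresses, the identifier 0x1234 and the `simulated_network` function are constructed stand-ins for the wire, not real hosts or a real socket.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(pkt: bytes) -> bytes:
    """Fill the checksum field (bytes 2-3) of a message built with that field zeroed."""
    return pkt[:2] + icmp_checksum(pkt).to_bytes(2, "big") + pkt[4:]

def build_echo_request(ident: int, seq: int, payload: bytes = b"probe") -> bytes:
    """Echo Request (type 8): type, code, checksum, identifier, sequence, payload."""
    return with_checksum(struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload)

def parse_icmp(pkt: bytes):
    """Return (type, code, rest-of-header, body); an intact message checksums to zero."""
    if len(pkt) < 8 or icmp_checksum(pkt) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    return pkt[0], pkt[1], pkt[4:8], pkt[8:]

def simulated_network(path, dest, probe, ttl):
    """Constructed stand-in for the wire: each router decrements the TTL; the one that sees it
    reach 0 drops the probe and answers Time Exceeded quoting the probe header (a real router
    also quotes the IP header; omitted here). If no router expires it, the destination replies."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            return router, with_checksum(struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + probe[:8])
    return dest, with_checksum(bytes([ICMP_ECHO_REPLY, 0, 0, 0]) + probe[4:])

def traceroute(path, dest, max_hops=30):
    ident, hops = 0x1234, []                # constructed identifier; a real tool uses its PID
    for ttl in range(1, max_hops + 1):      # raise the TTL one probe at a time
        probe = build_echo_request(ident, seq=ttl)
        responder, reply = simulated_network(path, dest, probe, ttl)
        typ, _code, hdr, body = parse_icmp(reply)
        if typ == ICMP_TIME_EXCEEDED:
            # match the quoted identifier/sequence so an unrelated ICMP message is not logged as a hop
            _, _, _, q_ident, q_seq = struct.unpack("!BBHHH", body[:8])
            if (q_ident, q_seq) == (ident, ttl):
                hops.append(responder)
        elif typ == ICMP_ECHO_REPLY and struct.unpack("!HH", hdr) == (ident, ttl):
            hops.append(responder)
            break                           # destination reached
    return hops
```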

The Security Vulnerabilities of the ICMP

Despite the advantages that the ICMP does offer, it is also prone to several key Security vulnerabilities, which are as follows:

1) The Ping Flood:

This type of attack is very similar to that of a Distributed Denial of Service (DDoS) attack, but rather than using malformed Data Packets to flood the server to slow down its processes, it is flooded with ICMP Echo Requests.

2) The Ping of Death:

This occurs when the Cyberattacker sends out Ping Requests that are too large (in terms of Bytes). In this scenario, the datagram that carries the Ping Request is oversaturated with “filler” data that has no relevant meaning. Because it exceeds what is known as the “Maximum Transmission Unit”, or “MTU” for short, it is broken down into fragments. Once the Router picks up these fragments, it will try to reassemble them back into the original datagram before it is sent off to its destination. But if the reassembled datagram is larger than what the memory resources of the Router can handle, it will literally jam up and become non-functional. As a result of this, the entire flow of the network traffic can be slowed down or, worse yet, come to a grinding halt.

3) The Twinge Attack:

This is like the Ping Flood attack, but rather than the ICMP Echo Requests coming from just one computer, they come from multiple computers, and they also carry a fake source IP Address in the header of the Data Packet.

Conclusions

The ICMP will continue to be a powerful tool for the Network Administrator in order to diagnose network problems and other related issues. Check out this link for the various downloads that are available for the ICMP.