From: Cielieska Nathan (ncielieska@gmail.com)
Date: Wed Dec 12 2007 - 13:13:03 ART
Navid,
ICMP redirects can be the source of an attack on a local network. A person can craft a redirect packet to send traffic to a port, in essence spanning said port. The router sends this message because it sees another device on the segment as "being a better path". If you can manipulate that packet to point to a device that you are using to discover the network, you have been hacked.
Nate
On Dec 12, 2007, at 10:51 AM, Navid wrote:
> Hi,
>
> In IE lab "IP Address spoofing prevention with ACL", it is
> written: "it is a good idea to filter out ICMP redirect messages"
>
> What are we trying to avoid by denying ICMP redirect messages?
>
> Thanks,
> Navid
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:30 ARST
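
An added example, not part of the original thread: a Python check that parses a captured IPv4 packet, recognises ICMP redirects (type 5) and flags any whose sender or advertised gateway is not a known router on the segment. The addresses, the trusted-router set and the `build_sample` helper are assumptions constructed for illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type 5, RFC 792
CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def ip_str(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_icmp_redirect(packet):
    """Return a dict describing an ICMP redirect, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    info = {"sender": ip_str(packet[12:16]), "code": CODES.get(icmp[1], "unknown"),
            "new_gateway": ip_str(icmp[4:8]), "redirected_dst": None}
    # The redirect embeds the IP header of the datagram that triggered it.
    if len(icmp) >= 28:
        info["redirected_dst"] = ip_str(icmp[24:28])
    return info

def is_suspicious(info, trusted_routers):
    """True if the sender or the advertised gateway is not a known router."""
    return (info["sender"] not in trusted_routers
            or info["new_gateway"] not in trusted_routers)

def ip_header(src, dst, proto, total_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def build_sample(sender, gateway, orig_dst, host="192.0.2.10"):
    """Constructed test bytes (checksums zeroed); hypothetical helper."""
    inner = ip_header(host, orig_dst, 6, 40) + b"\x00" * 8
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0,
                       ipaddress.IPv4Address(gateway).packed) + inner
    return ip_header(sender, host, 1, 20 + len(icmp)) + icmp

if __name__ == "__main__":
    trusted = {"192.0.2.1", "192.0.2.2"}  # constructed addresses
    for gw in ("192.0.2.2", "192.0.2.66"):
        info = parse_icmp_redirect(build_sample("192.0.2.1", gw, "198.51.100.7"))
        print(info, "SUSPICIOUS" if is_suspicious(info, trusted) else "ok")
```

The second sample is flagged because its advertised gateway is not in the trusted set, even though the sender address matches a real router.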