Computer security is defined as the process of preventing, controlling and detecting the unauthorized use of any computer system. It therefore relies on a large number of measures needed to protect users from intruders who use digital resources with malicious intent.
That is why computer security encompasses a large number of security techniques worth knowing. It is important to know what ICMP tunneling is about, given that it is one of the most powerful computer attacks and one that has spread the most in this environment, since by nature it manages to establish a covert connection.
Therefore, so that you know how to protect yourself against this illegal action, in this post we explain what ICMP tunneling is for and how it operates in most cases, as well as how to act against an attack of this type on any device, in order to avoid becoming a victim.
What is an ICMP Tunneling attack and what is it for?
Basically, ICMP tunneling is a technique used to get past firewalls and establish communication that is difficult to trace or spy on. A firewall, in this context, is the part of a computer system that restricts unauthorized access so that only authorized communications are admitted.
In that sense, an ICMP tunneling attack serves to bypass systems that do not block ICMP packets. ICMP is the control message protocol used to send error messages, for example to indicate that a host is not available. In addition, these attacks are often used to establish a covert connection between two remote machines using ICMP echo request and echo reply packets.
What is the mechanism of action of this type of computer attack?
As for the mechanism of action of this class of attack, it relies on injecting arbitrary data into an echo packet that is sent to a remote computer. That machine responds in the same way, inserting an illegitimate response into another ICMP packet and transmitting it back.
So while the proxy uses echo reply packets, the client performs all required communication using ICMP echo request packets. Technically it is possible for the proxy to use echo request packets as well, but such packets are not forwarded to the client because the latter is behind a translated address.
Thanks to this operating mechanism, ICMP tunneling attacks can be used to bypass firewall rules, because of the diversion of the actual traffic that they manage to perform. As a result, network administrators will not be able to detect this kind of traffic on their network unless they have deep packet inspection or a review of the relevant logs.
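As an added example (not code from the original post), here is the kind of check deep packet inspection can apply to echo traffic: a genuine echo reply returns the request's data unchanged, so a reply whose payload differs from its request, or that answers no request at all, stands out. The function names, the 64-byte alert threshold and the sample packets are assumptions constructed for illustration; the messages are assumed to start at the ICMP header and to belong to a single pair of hosts.

```python
import struct
ECHO_REPLY, ECHO_REQUEST = 0, 8

def checksum(data: bytes) -> int:  # RFC 1071 Internet checksum
    data += b"\x00" * (len(data) % 2)  # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(mtype, ident, seq, payload):
    """Build a constructed ICMP echo message (used only for the sample data)."""
    hdr = struct.pack("!BBHHH", mtype, 0, 0, ident, seq)
    return struct.pack("!BBHHH", mtype, 0, checksum(hdr + payload), ident, seq) + payload

def parse_echo(icmp):
    """Return (type, id, seq, payload) for a well-formed echo message, else None."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None
    mtype, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if mtype not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        return None
    return mtype, ident, seq, icmp[8:]

def inspect(messages, max_payload=64):
    """Return (index, reason) findings; max_payload is an assumed alert threshold."""
    findings, pending = [], {}
    for i, raw in enumerate(messages):
        parsed = parse_echo(raw)
        if parsed is None:
            continue
        mtype, ident, seq, payload = parsed
        if len(payload) > max_payload:
            findings.append((i, "oversized payload"))  # flag for review, not a block
        if mtype == ECHO_REQUEST:
            pending[(ident, seq)] = payload
        elif (ident, seq) not in pending:
            findings.append((i, "reply without matching request"))
        elif pending.pop((ident, seq)) != payload:
            findings.append((i, "reply payload differs from request"))
    return findings

# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    build_echo(ECHO_REQUEST, 0x1234, 1, bytes(range(56))),
    build_echo(ECHO_REPLY, 0x1234, 1, bytes(range(56))),
    build_echo(ECHO_REQUEST, 0x4321, 1, b"constructed request data " * 4),
    build_echo(ECHO_REPLY, 0x4321, 1, b"constructed different reply data"),
]
```

Running `inspect(SAMPLE)` leaves the ordinary ping pair unflagged and reports the second exchange for both its size and its mismatched reply.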
How to protect myself from an ICMP Tunneling attack on any device?
It is extremely difficult to stop or prevent the creation of ICMP tunnels, because the firewall may let them pass as control messages supposedly issued by the operating system itself; it is therefore not easy to protect yourself from these threats.
Therefore, to try to avoid or counteract them, it is necessary to focus on the specific security measures that we list here to prevent ICMP tunnels:
- Large ICMP packets must still be allowed to pass.
- Administrators should remain able to use ICMP messages freely.
- You can also choose to use strong authentication and an encrypted payload.
- The protection should work when the computer is behind application-level personal firewalls.
It is essential to enforce all of these rules both when the ICMP packet goes up the network stack and when it comes down from it. In addition, the policy should be implemented in the kernel's handling of the ICMP protocol.