Management Issues in ICMP (Internet Control Message Protocol)
Byungchul Park
DPNM Lab., CSE, POSTECH
Email: firstname.lastname@example.org
2008. 5. 12
Table of Contents
• Introduction
• ICMP functionalities
• MIB for ICMP
• Security Vulnerabilities of ICMP
• Redesign of the ‘Source Quench’ error report
• Summary
Introduction (1/2)
• IP is an unreliable protocol: “best effort” delivery
• What happens if…
  • a packet cannot find a route to its final destination?
  • the TTL value reaches 0?
  • the fragments of a packet cannot all reach the final destination in time?
  • a network error occurs?
  • a host or router needs some information from other hosts or routers?
Introduction (2/2)
• Why is ICMP needed?
• Shortcomings of the IP protocol:
  • Unreliable and connectionless datagram delivery
  • Best-effort delivery service
  • No error control and no assistance mechanisms
  • No error-reporting and error-correcting mechanisms
  • No mechanism for host and management queries
ICMP has been designed to compensate for the above deficiencies
ICMP Functionalities (1/3)
[Figure: ICMP messages are divided into two classes, error-reporting messages and query messages]
• Error-reporting messages: report problems that a router or host encounters while processing an IP packet
• Query messages: obtain specific information from a router or a host in order to help a host or network management
ICMP Functionalities (2/3)
• ICMPv4

ICMP Functionalities (3/3)
• ICMPv6
MIB for ICMP (1/2)
• Important functionalities
  • Error reporting
  • Queries for network management
Monitoring every ICMP message is meaningful from a network management perspective
• Examples
  • Too many “source quench” messages: network congestion?!
  • Too many “redirect” messages: ICMP attack?!
MIB for ICMPv6 - RFC 2466 (2/2)
• Per-interface ICMPv6 counters defined in RFC 2466:
  ipv6IfIcmpInMsgs, ipv6IfIcmpInErrors, ipv6IfIcmpInDestUnreachs, ipv6IfIcmpInAdminProhibs, ipv6IfIcmpInTimeExcds, ipv6IfIcmpInParmProblems, ipv6IfIcmpInPktTooBigs, ipv6IfIcmpInEchos, ipv6IfIcmpInEchoReplies, ipv6IfIcmpInRouterSolicits, ipv6IfIcmpInRouterAdvertisements, ipv6IfIcmpInNeighborSolicits, ipv6IfIcmpInNeighborAdvertisements, ipv6IfIcmpInRedirects, ipv6IfIcmpInGroupMembQueries, ipv6IfIcmpInGroupMembResponses, ipv6IfIcmpInGroupMembReductions
More Issues
• Simple statistics are not enough to manage every network problem
  ICMP does not correct errors; it simply reports them.
• Tracking the source host of every error message is important for correcting errors
• SNMP and the MIB cannot add such additional information dynamically
How can we correct errors?
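The two preceding slides argue that the MIB's per-type counters are useful for spotting congestion or an ICMP attack, but that they lose the source host of each message. The following example, added here and not part of the original slides, parses ICMPv4 headers, validates their checksums, keeps the per-type counters keyed by source host, and flags sources that exceed a threshold of Source Quench or Redirect messages. All packets, addresses and the threshold are constructed for illustration.

```python
import struct
from collections import Counter

# ICMPv4 type numbers (RFC 792) for the two messages the slides single out
ICMP_SOURCE_QUENCH = 4
ICMP_REDIRECT = 5

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Constructed sample message (not captured traffic) with a valid checksum."""
    header = struct.pack("!BBH", msg_type, code, 0) + rest
    return struct.pack("!BBH", msg_type, code, icmp_checksum(header)) + rest

def parse_icmp(msg: bytes):
    """Return (type, code), or None if the header is short or the checksum fails.
    A message with a correct checksum re-checksums to zero."""
    if len(msg) < 8 or icmp_checksum(msg) != 0:
        return None
    msg_type, code, _ = struct.unpack("!BBH", msg[:4])
    return msg_type, code

def count_by_type(packets):
    """Per-(source, type) counters: like icmpInSrcQuenchs / icmpInRedirects in
    RFC 1213, but keyed by source host, which the MIB itself does not record."""
    counts = Counter()
    for src, msg in packets:
        parsed = parse_icmp(msg)
        counts[(src, "invalid" if parsed is None else parsed[0])] += 1
    return counts

def flag_sources(counts, threshold=5):
    """Sources sending more than `threshold` Source Quench or Redirect messages
    (the threshold is a constructed value, not one the slides give)."""
    return sorted({src for (src, t), n in counts.items()
                   if t in (ICMP_SOURCE_QUENCH, ICMP_REDIRECT) and n > threshold})

# Constructed sample: 192.0.2.10 sends eight Redirects; 192.0.2.20 sends one
# Source Quench and one Echo Reply whose checksum was corrupted in transit.
SAMPLE = [("192.0.2.10", build_icmp(ICMP_REDIRECT, 1, b"\xc0\x00\x02\x01"))] * 8
SAMPLE += [("192.0.2.20", build_icmp(ICMP_SOURCE_QUENCH, 0)),
           ("192.0.2.20", build_icmp(0, 0)[:-1] + b"\xff")]
```

Running `flag_sources(count_by_type(SAMPLE))` on the constructed sample reports only 192.0.2.10; the corrupted message is counted under an "invalid" key rather than silently dropped, so checksum failures themselves become a monitored quantity.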
What are the existing problems with the protocol?
Security Vulnerabilities
Security Vulnerabilities (1/3)
• Every ICMP message can be used for a network attack
• ‘Echo’ and ‘Echo Reply’ messages
  • Echo requests can be used by an outsider to map our network
• ‘Destination Unreachable’ message
  • Blind connection-reset attack: send a ‘Protocol unreachable’ message to a client with a spoofed IP address
  • Path MTU discovery attack: send a ‘Fragmentation needed’ message to a client (c.f. the PMTUD mechanism)
Security Vulnerabilities (2/3)
• ‘Source Quench’ message
  • ICMP Source Quench attack: the attacker (probably combined with IP spoofing) sends this message in order to mount a very effective DoS attack
• ‘Redirect’ message
  • The attacker sends this message to subvert the routing table
• ‘Time Exceeded’ message
  • The attacker can use traceroute to find out which hosts are the routers in our network
Security Vulnerabilities (3/3)
• ‘Timestamp request & reply’ messages
  • The attacker can use these messages to map our network (an alternative to ping)
• ‘Address Mask request & reply’ messages
  • The attacker can use these messages to learn the topology of our network
These vulnerabilities are caused by the lack of an authentication mechanism
• Firewalls are used to filter ICMP messages (inbound/outbound)
• An authentication mechanism should be integrated into ICMP
What are the existing problems with the protocol?
If you had to redesign the protocol from scratch, how would you do it differently, considering its manageability?
Source Quench Error (1/3)
• Generated if the router or host does not have sufficient buffer space to process the request
• Requests the sender to decrease the rate at which it sends messages to the router or host (congestion control)
Source Quench Error (2/3)
• Problems
  • A host or router sends a source quench error message for every discarded packet (network overhead)
  • A host or router cannot determine which host is responsible for the network congestion
  • No mechanism to notify the end of congestion
Source Quench Error (3/3)
• Redesign of the source quench error function
  • Problem: a host or router sends a source quench error message for every discarded packet (network overhead)
    Proposal: send one error message per source host (What happens if the error message is lost? I don’t know!)
  • Problem: a host or router cannot determine which host is responsible for the network congestion
    Proposal: using statistics on received datagrams, a host or router can determine the responsible sender
  • Problem: no mechanism to notify the end of congestion
    Proposal: a new message type (available bandwidth) is needed