What is the function of ICMP protocol and the principle of Ping of Death attack？

　　ICMP is the abbreviation of "Internet Control Message Protocol". It is a sub-protocol of TCP/IP protocol family, which is used to transfer control messages between IP hosts and routers. Control messages refer to the messages of the network itself, such as whether the network is unreachable, whether the host is reachable, and whether the route is available. Although these control messages do not transmit user data, they play an important role in the transmission of user data.

　　In the network, ICMP protocol is often used, but it is imperceptible. For example, the Ping command, which is often used to check whether the network is impassable, is actually the process of ICMP protocol. There are other network commands, such as Tracert command to track routes, which are also based on ICMP protocol.

　　ICMP protocol is of great significance to network security. The characteristics of ICMP protocol itself determine that it is very easy to be used to attack routers and hosts on the network. For example, in August 1999, a company offered a reward of 500,000 yuan to test its firewall, and its firewall suffered 334,050 ICMP attacks, accounting for more than 90% of the total number of attacks. It can be seen that the importance of ICMP can never be ignored.

　　For example, you can use the rule that the maximum size of internet control message protocol specified by the operating system is no more than 64KB to launch a "Ping of Death" attack on the host. The principle of "Ping of Death" attack is that if the size of internet control message protocol exceeds the upper limit of 64KB, the host will have a memory allocation error, which will cause the TCP/IP stack to crash and the host will crash.

　　In addition, sending internet control message protocol to the target host for a long time, continuously and in large quantities will eventually paralyze the system. A large number of internet control message protocol will form an "ICMP storm", which will make the target host spend a lot of CPU resources to process and be tired of crashing.

　　Ping.exe's principle is to send a packet with a certain length to the specified IP address. According to the agreement, if the specified IP address exists, it will return a packet with the same size. Of course, if it does not return within a certain time, it will be "timeout" and the specified IP address will not exist. Because ping uses ICMP protocol, some firewall software will block ICMP protocol, so sometimes the result of ping can only be used as a reference. Failure to ping does not necessarily mean that the other IP does not exist.

　　Ping command is a very useful network command, which is often used to test network connectivity. But at the same time, it is also a double-edged sword. Others can detect a lot of sensitive information on your computer by using the ping command, causing insecurity. For the sake of security, there are many ways to prevent ping, such as a firewall, or creating a security policy that prohibits all computers from pinging the local IP address.

　　Because ping uses ICMP protocol, some firewall software will block ICMP protocol. How does IPSec security policy "prevent ping"? Its principle is to filter all internet control message protocol of this machine by creating a new IPSec policy. This can effectively "prevent ping", but it will also leave sequelae. Because the ping command is closely related to the ICMP protocol.

　　There are 11 message formats in the application of ICMP protocol, in which the ping command works by using the "Echo Request" message in ICMP protocol. However, IPSec security policy uses shoot-to-kill method to prevent ping, which filters all ICMP messages, especially all messages in other formats. Therefore, in some special LAN environments, it is easy to lose data packets, which affects the normal work of users. Therefore, a firewall is recommended.

　　Thank you for reading. If you want to know more about dry goods of server technology, it is more exciting to pay attention to my homepage.