Using ICMP to Redirect Traffic!





Hey everyone, it's me, Looper. As I move forward in my course, I have learnt some incredible techniques and attack methodologies, and I want to share a small but effective attack with you. I want to talk about an attack on ICMP: how ICMP is used by hackers to redirect traffic on a network. ICMP is basically an error-control protocol, and in basic terms a router thinks another router is telling it that a link is down or congested. So let's begin.
     
ICMP stands for Internet Control Message Protocol and is the most used protocol in networking technology. A connectionless protocol, ICMP does not use any port number and works in the network layer. ICMP is commonly used for diagnostic purposes, error reporting, or querying a server, and attackers are now using ICMP to send payloads, which we will discuss here. The popular ping command uses ICMP. There are a lot of security issues with ICMP messages that we really need to look at.

This attack is known as Inverse Mapping. Inverse Mapping is a technique used to map internal networks or hosts that are protected by a filtering device. Usually some of those systems are not reachable from the Internet. For this type of scanning we use routers, which will give away internal architecture information of a network even if the question they were asked does not make any sense. We compile a list of IP addresses showing what is not there, and use it to conclude where hosts probably are.


Step 1.  The attacker manages to take over a secondary gateway A of the source host.

Step 2.  The attacker sends a TCP open packet to the source host, posing as the destination host.

Step 3.  While a reply is in transit from the source host to the destination host through gateway B, the attacker sends an ICMP route redirect message to the source host, spoofed as coming from B.

Step 4.  The source host accepts the route change control message as valid and changes its routing table to route all traffic bound for the destination host through gateway A.

Step 5.  The attacker can now quietly read, modify and forward all traffic bound for the destination host to gateway B, acting as a Man-In-The-Middle host.
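To spot the redirect from Step 3 on the defending side, the following added example (not code from the original post) parses a raw IPv4 packet, recognises an ICMP Redirect (type 5) and raises an alert when the advertised gateway is not one the host is expected to use. The addresses, the `TRUSTED_GATEWAYS` allowlist and the sample packet are constructed assumptions.

```python
import socket
import struct

# Assumption: the only gateway this host should route through (gateway B).
TRUSTED_GATEWAYS = {"192.0.2.1"}

def parse_icmp_redirect(packet: bytes):
    """Return the redirect fields of a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:  # protocol 1 = ICMP
        return None
    if packet[ihl] != 5:                              # type 5 = Redirect (RFC 792)
        return None
    inner = packet[ihl + 8:]                          # header of the datagram being redirected
    return {
        # The source address is unauthenticated; in Step 3 it is spoofed as B.
        "claimed_sender": socket.inet_ntoa(packet[12:16]),
        "code": packet[ihl + 1],                      # 0 = network, 1 = host
        "new_gateway": socket.inet_ntoa(packet[ihl + 4:ihl + 8]),
        "redirected_dst": socket.inet_ntoa(inner[16:20]),
    }

def suspicious(packet: bytes, trusted=TRUSTED_GATEWAYS):
    """Parse a redirect and flag it when it steers traffic to an untrusted gateway."""
    info = parse_icmp_redirect(packet)
    if info is None:
        return None
    info["alert"] = info["new_gateway"] not in trusted
    return info

def _ip_header(src, dst, proto, total_len):
    # Test fixture only; checksum is left at 0 because the parser ignores it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: a redirect that claims to come from gateway B (192.0.2.1)
# and tells host 192.0.2.10 to reach 198.51.100.7 through 192.0.2.254 (gateway A).
INNER = _ip_header("192.0.2.10", "198.51.100.7", 6, 40) + b"\x00" * 8
SAMPLE = (_ip_header("192.0.2.1", "192.0.2.10", 1, 28 + len(INNER))
          + struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("192.0.2.254")) + INNER)

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

Hosts that never need route redirects can ignore them entirely; on Linux this is the `net.ipv4.conf.all.accept_redirects=0` sysctl.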



Sending oversized ICMP messages to a target host could potentially crash or reboot it. This is because some operating systems do not know how to handle packets that are larger than the maximum size stipulated in the RFC.

That is the attack, which is pretty cool when we have to gather information or do port scanning. This attack is known as Inverse Mapping. Goodbye for now; see you in the next blog.



LOOPER
