MISUSES OF ICMP PROTOCOL
Dr. Mubashir
BY
KH. WAQAS RAHEEL
ID: PG3502025@CLOUD.NED.EDU.PK
Abstract
This report highlights the weaknesses of ICMP (Internet Control Message Protocol), a network layer protocol, that have allowed it to be misused by cyber criminals and hacktivists. ICMP is basically used to find out whether data is reaching its correct destination within the proper time. Although ICMP is meant for error reporting and testing, it is also used for other activities such as DDoS attacks. If data does not reach its intended destination, for example when a large packet is dropped by a network device such as a router, ICMP returns an error to the sending device saying that the data did not arrive. Demonstrated ICMP redirect and denial of service incidents, along with hijacked systems, are critical exposures for internet-facing systems. This protocol is highly vulnerable to denial of service (DoS) attacks.
Introduction
Recently we have been observing a change in cyber techniques, which are getting more efficient; exploitation of ICMP increased during the COVID situation as web-based activity grew. The speed between two network devices is tested with the PING utility. It reports how much time a packet of data takes to reach its destination and return to the sending device, in other words it calculates the latency of communication between two devices. Ping uses the Echo-Request and Echo-Reply messages of the ICMP protocol. Sadly, this process can be exploited by network attacks aimed at disruption or denial of service (DoS), such as the ICMP or ping flood attack and the Ping of Death (POD) attack (Subramani, 2020). These crash or even freeze the victim's system or server by sending more than it can handle. Next we talk about the SYN flood, which is a type of DoS attack. In this scenario the victim machine is flooded with SYN packets, due to which the machine's performance goes down (Hiremath, 2019). This attack can be launched with the well-known Metasploit framework that is available in Kali Linux; this tool is widely used by ethical and non-ethical hackers because it is easy to use, and they can launch a SYN flood attack if they know the IP address of the victim system. They send SYN packets to the victim machine and jam it. The ICMP or ping flood attack is carried out by cyber criminals to overload the victim's system with ICMP echo requests. As a result the victim's network is flooded with request packets and can only answer a few of them with reply packets. This attack can be performed in a few ways, such as with custom code or with tools like Hping and Scapy. Both have their own capabilities, but Scapy offers scanning, probing, tracerouting, packet manipulation, attacks and many more capabilities that the others cannot, such as sending frames that do not exist. ICMP is used for finding and controlling network-based issues, so the link it establishes between two systems usually goes unnoticed. Moreover, because ICMP is a necessary and well-known part of the IP suite and not an application layer protocol, organizations are not likely to monitor it as they do HTTP, IMAP, TCP, HTTPS, etc. Although restricting ICMP is not a trivial step, in most cases its functionality cannot be completely discontinued without affecting the user experience.
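To make the ping mechanism and the Ping of Death condition concrete, the following added example (not code from the original report) encodes and decodes ICMP echo messages with the RFC 1071 checksum, matches replies to requests by identifier and sequence number to compute the round-trip latency the way ping does, and checks whether a set of IP fragments would reassemble into a datagram larger than the 65535-byte maximum. The sample packets, timestamps and fragment offsets are constructed for the demonstration; the 20-byte IP header length assumes no IP options.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
IP_HEADER_LEN = 20        # minimal IPv4 header without options (simplifying assumption)
MAX_IP_DATAGRAM = 65535   # RFC 791 maximum total length of an IP datagram


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, as used by ping."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an ICMP echo request (type 8) or echo reply (type 0)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode an ICMP echo message, rejecting truncated or corrupted ones."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes, got %d" % len(packet))
    # Summing a packet that includes its own checksum yields 0 when it is intact.
    if icmp_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        raise ValueError("not an echo message: type %d" % icmp_type)
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}


def round_trip_times(requests, replies):
    """Match replies to requests by (id, seq) as ping does; returns {seq: rtt_ms}.
    requests and replies are lists of (timestamp_seconds, raw_icmp_bytes)."""
    sent = {}
    for ts, raw in requests:
        msg = parse_echo(raw)
        if msg["type"] == ICMP_ECHO_REQUEST:
            sent[(msg["id"], msg["seq"])] = ts
    rtts = {}
    for ts, raw in replies:
        msg = parse_echo(raw)
        key = (msg["id"], msg["seq"])
        if msg["type"] == ICMP_ECHO_REPLY and key in sent:
            rtts[msg["seq"]] = round((ts - sent.pop(key)) * 1000.0, 3)
    return rtts


def oversized_reassembly(fragments) -> bool:
    """Ping-of-death check: would these IP fragments reassemble into a datagram
    larger than 65535 bytes? fragments = [(fragment_offset_in_8_byte_units, payload_len)]."""
    end_of_data = max(off * 8 + length for off, length in fragments)
    return IP_HEADER_LEN + end_of_data > MAX_IP_DATAGRAM


if __name__ == "__main__":
    # Constructed sample: one echo request sent at t=1.000 s, its reply seen at t=1.012 s.
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"ping-demo")
    rep = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"ping-demo")
    print(round_trip_times([(1.000, req)], [(1.012, rep)]))
    # Constructed fragments: the second one ends past the 65535-byte limit.
    print(oversized_reassembly([(0, 1480), (8189, 1480)]))
```

Defensively, the two checks that matter are the checksum verification in parse_echo, which discards corrupted or truncated echo messages before they are matched, and oversized_reassembly, which is the condition a reassembling host must test before allocating a buffer for a fragmented ping.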
MATERIALS AND METHODS
The well-known, powerful open source tool Metasploit is used by cyber criminals for testing systematic vulnerabilities that can be found on any server or network. It has 1600+ exploits confirmed over 25 plus platforms, including Cisco, Android, Python and many more. As well, the Metasploit framework has around 500 payloads, including Meterpreter payloads and dynamic payloads. Metasploit's functionality is organised so that exploits target a system weakness, payloads provide the malicious code, and auxiliary modules help to edit information or code. Listener modules help in gaining user access (this is malicious software), and post-exploitation code provides a deep dive into the target machine after the victim system has been penetrated. Lastly, the NOP generator prevents the payload from crashing and bypasses most IDS and IPS.
IMPACT OF THE ATTACK:
Large organizations face a great threat from DoS attacks. Although the time span of an attack may be short, if it falls within business hours it can cause a huge loss in terms of money. Systems, web servers or other devices that are using the ICMP protocol at the time of the attack see their performance go down or slow. DoS attacks come in different flavours such as ICMP flood, buffer overflow attacks and SYN flood (a SYN flood keeps sending requests until the server's open ports are full of requests and no port is available through which a user can connect). The question is whether the impact of denial of service (DoS) is harsh for online businesses like Daraz, Shopee and others. It is, because the online sites become unreachable to users and cannot take customers' orders, due to which the companies lose income. Usually this type of attack happens when special promotions and sales are being offered on the online sites. Attackers know that at this time users are frequently surfing the site to get the promotion, so they launch the attack then. Once an organization is under attack, it has to contact its IT security staff to recover its systems and enhance their security for the future (Ng Kar Zuin, 2021).
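The SYN flood described above fills the server's listen backlog with connections that never complete the handshake. The following added example (not part of the original report) shows how a defender can see that condition in traffic: it tracks SYN segments per (source, source port, destination port), removes the entries whose client ACK arrives, and reports the sources holding many half-open connections within a sliding window. The segment records, addresses and thresholds are constructed for the demonstration.

```python
from collections import defaultdict

SYN = 0x02
ACK = 0x10

# Constructed sample of TCP segments seen at the server edge:
# (timestamp_s, src_ip, src_port, dst_port, tcp_flags)
SAMPLE_SEGMENTS = [
    # a legitimate client completing its three-way handshake
    (0.00, "10.0.0.5", 40001, 80, SYN),
    (0.01, "10.0.0.5", 40001, 80, ACK),
    # a flooding source that never answers the server's SYN-ACK
    *[(0.10 + i * 0.001, "198.51.100.7", 50000 + i, 80, SYN) for i in range(200)],
]


def half_open_by_source(segments, window_s=5.0, now=None):
    """Count half-open (SYN seen, no client ACK) connections per source inside a
    sliding window. This mirrors how a listen backlog fills during a SYN flood."""
    pending = {}  # (src, sport, dport) -> timestamp of the SYN
    for ts, src, sport, dport, flags in segments:
        key = (src, sport, dport)
        if flags & SYN and not flags & ACK:
            pending[key] = ts
        elif flags & ACK and key in pending:
            del pending[key]  # third handshake step: the connection is established
    if now is None:
        now = max(ts for ts, *_ in segments)
    counts = defaultdict(int)
    for (src, _, _), ts in pending.items():
        if now - ts <= window_s:
            counts[src] += 1
    return dict(counts)


def syn_flood_sources(segments, threshold=100, window_s=5.0):
    """Return, sorted, the sources whose half-open count reaches the threshold."""
    counts = half_open_by_source(segments, window_s)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_SEGMENTS))
    print(syn_flood_sources(SAMPLE_SEGMENTS))
```

The threshold and window are tuning knobs: a legitimate client that completes its handshake within milliseconds never accumulates half-open entries, while a flooding source that ignores the server's SYN-ACK does, so the count separates the two regardless of packet rate.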
CORRECTIVE ACTIONS AND ANALYTICS
In our opinion, the Metasploit framework is the easier, more convenient way to launch a DoS attack. The CLI method is difficult compared with a GUI (graphical user interface) such as Armitage, but in most cases both attackers and defenders prefer the CLI over the GUI. A professional should use the CLI method, because attackers who are beginners usually use the GUI to understand the working of the attack more easily. Besides this, the user must ensure that the commands used in the CLI are correct, otherwise they will not work. During the attack, at every step the user must set RHOSTS and RPORTS and confirm the IP address and the port number, especially before launching the attack; otherwise the attack will not work or may target the wrong machine. However, there are a few corrective actions that can be taken against a DoS attack. For instance, if a company is under attack, the company's ISP should be contacted on a priority basis: the responsible person in the IT department calls the Internet service provider and asks it to reroute the traffic if possible. Additionally, the company's IDS (intrusion detection system) should be implemented together with an IPS (intrusion prevention system) to raise the level of security around the company's network and prevent DDoS attacks from hackers. An IDS basically monitors the organization's internal network traffic in real time and keeps it safe from all types of threats and anomalous activity; if the IDS detects a threat on the network it notifies the user. An intrusion prevention system, on the other hand, controls network security by comparing the inbound and outbound traffic with its rule set. If the traffic is blacklisted in the rule set, it is automatically rejected by the system. Intrusion prevention systems must have a database that is updated with new and advanced threats so that the system can protect against them. A DoS attack can also be prevented by installing a firewall. Its purpose is to secure the organization's own network and systems from hackers by defending them against unauthorized network traffic and malicious viruses. Additionally, a firewall protects the company's network and systems from malicious software by stopping its entry into the network.
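The rule-set behaviour attributed to the IPS and firewall above (blacklisted traffic rejected, everything else compared against rules) can be shown as a small first-match policy engine. The following added example is not code from the report or from any IPS product; its rule syntax, the blacklist, the per-source echo-request rate limit and the sample packet stream are all constructed for the demonstration. It rejects blacklisted sources, rate-limits ICMP echo requests per source so a ping flood is cut down while ordinary pings pass, accepts web traffic, and drops anything no rule covers.

```python
from collections import defaultdict, deque

# Constructed packet stream seen at the organization's edge, in time order:
# (timestamp_s, src_ip, proto, detail) where detail is the ICMP type or the TCP destination port.
SAMPLE_PACKETS = (
    [(0.0, "203.0.113.9", "tcp", 80)]                                   # blacklisted source
    + [(0.1 + i * 0.01, "198.51.100.7", "icmp", 8) for i in range(10)]  # echo-request burst
    + [(0.5, "192.0.2.44", "tcp", 443)]                                 # ordinary web request
)

BLACKLIST = {"203.0.113.9"}  # constructed example address

RULES = [
    # Evaluated in order; the first matching rule decides. Hypothetical rule syntax.
    {"name": "blacklisted-src", "match": lambda p: p[1] in BLACKLIST, "action": "reject"},
    {"name": "icmp-echo-limit", "match": lambda p: p[2] == "icmp" and p[3] == 8, "action": "ratelimit"},
    {"name": "web", "match": lambda p: p[2] == "tcp" and p[3] in (80, 443), "action": "accept"},
]


class EchoRateLimiter:
    """Allow at most `limit` ICMP echo requests per source within any `window_s` seconds."""

    def __init__(self, limit=5, window_s=1.0):
        self.limit, self.window_s = limit, window_s
        self.seen = defaultdict(deque)  # src -> timestamps of recently allowed requests

    def allow(self, src, ts):
        q = self.seen[src]
        while q and ts - q[0] > self.window_s:
            q.popleft()  # forget requests that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def apply_rules(packets, rules=RULES, limiter=None):
    """Return one (action, rule_name) verdict per packet; unmatched packets are dropped."""
    limiter = limiter or EchoRateLimiter()
    verdicts = []
    for pkt in packets:
        ts, src = pkt[0], pkt[1]
        for rule in rules:
            if rule["match"](pkt):
                if rule["action"] == "ratelimit":
                    action = "accept" if limiter.allow(src, ts) else "drop"
                else:
                    action = rule["action"]
                verdicts.append((action, rule["name"]))
                break
        else:
            verdicts.append(("drop", "default-deny"))
    return verdicts


def summarize(verdicts):
    """Tally verdicts by action, the figure an operator would chart during an attack."""
    counts = defaultdict(int)
    for action, _ in verdicts:
        counts[action] += 1
    return dict(counts)


if __name__ == "__main__":
    verdicts = apply_rules(SAMPLE_PACKETS)
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(pkt, "->", verdict)
    print(summarize(verdicts))
```

The rate limit is the piece that lets ICMP keep working for users: the first few echo requests from a source are answered normally, and only the excess of a flood is dropped, which matches the observation above that ICMP cannot simply be switched off without affecting the user experience.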
CONCLUSIONS:
Threats are increasing gradually, day by day. The best protection is for digitally connected people to know the security issues and their preventions at each layer. For example, avoid sharing credit card details, addresses, passwords, etc. on any channel or social media, as one never knows how bad the result might be, and further develop the security level of the device. Although we cannot secure things 100%, we can get almost 99% of the way.
References
Hiremath, P. A. (2019). MyWebGuard: toward a user-oriented tool for security and privacy protection on the web. International Conference on Future Data and Security Engineering (pp. 506-525). Cham: Springer.
Ng Kar Zuin, E. V. (2021). A Case Study: SYN Flood Attack Launched Through Metasploit. Integrated Intelligent Computing Communication & Security (ICIIC) (pp. 520-525). Malaysia: Atlantis Press International B.V.
Subramani, P. R. (2020). A Block Bi-Diagonalization-Based Pre-Coding for Indoor Multiple-Input-Multiple-Output-Visible Light Communication System. Energies, 3466.