Management Issues in ICMP (Internet Control Message Protocol) Byungchul Park DPNM Lab., CSE, POSTECH Email: fates@postech.ac.kr 2008. 5. 12 1 1

Table of Contents Introduction ICMP functionalities MIB for ICMP Security Vulnerabilities of ICMP Redesign ‘Source Quench’ error report Summary

Introduction (1/2) Unreliable IP protocol - “Best Effort” What will happen if… Packet can not find a router to go to final destination TTL value goes 0 Fragmented packets can not reach to final destination in time Network error A host or router need some information from other hosts or routers

Introduction (2/2) Why the ICMP is needed? Lacks of IP protocol’s functionality!!! Unreliable and connectionless datagram delivery Best-effort delivery service Lack of error control and lack of assistance mechanisms No error-reporting and error-correcting mechanisms Lacks of mechanism for host and management queries  ICMP has been designed to compensate for the above deficiencies

ICMP Functionalities (1/3) ICMP Messages Error-reporting Query Error reporting : report problems that a router or host may encounter when it processes an IP packet Query message : get specific information from router or a host in order to help a host or network management.

ICMP Functionalities (2/3) ICMPv4

ICMP Functionalities (3/3) ICMPv6

What are the important things that need to be monitored and controlled? 1 1

MIB for ICMP (1/2) Important functionalities Error report Query for network management  Monitoring every ICMP message is meaningful in network management aspect Example Too many “source quench” message  network congestion?! Too many “redirection” messages  ICMP attack?!

MIB for ICMPv6 - RFC2466 (2/2) ipv6IfIcmpInMsgs, ipv6IfIcmpInErrors, ipv6IfIcmpInDestUnreachs, ipv6IfIcmpInAdminProhibs, ipv6IfIcmpInTimeExcds, ipv6IfIcmpInParmProblems, ipv6IfIcmpInPktTooBigs, ipv6IfIcmpInEchos, ipv6IfIcmpInEchoReplies, ipv6IfIcmpInRouterSolicits, ipv6IfIcmpInRouterAdvertisements, ipv6IfIcmpInNeighborSolicits, ipv6IfIcmpInNeighborAdvertisements, ipv6IfIcmpInRedirects, ipv6IfIcmpInGroupMembQueries, ipv6IfIcmpInGroupMembResponses, ipv6IfIcmpInGroupMembReductions

 How can we correct errors? More Issues Simple statistics information is not enough to manage every network problem ICMP does not correct errors, it simply reports them. Tracking every error message’s source host is important to correct errors SNMP and MIB can not add additional information dynamically  How can we correct errors?

What are existing problems with the protocol? Security Vulnerabilities 1 1

Security Vulnerabilities (1/3) Every ICMP message can be used for network attack ‘Echo’ and ‘Echo Reply’ messages Echo requests can be used by an outsider to map our network ‘Destination Unreachable’ message Blind connection-reset attack: Send a ‘Protocol unreachable’ message to a client with spoofed IP address Path MTU discovery attack: Send ‘Fragmentation needed’ message to a client (c.f. PMTUD mechanism)

Security Vulnerabilities (2/3) ‘Source Quench’ message ICMP Source Quench attack: attacker (probably combined with IP spoofing) sends this message in order to make a very effective DoS attack ‘Redirect’ message Attacker sends this message to subvert the routing table ‘Time Exceeded’ message Attacker can use traceroute to find out which hosts are the routers in our network

Security Vulnerabilities (3/3) ‘Time Stamp request & reply’ messages Attacker can use this message to map our network (alternative to ping) ‘Address Mask request & reply’ messages Attacker can use these messages to learn the topology of our network These vulnerabilities caused by lack of authentication mechanism Firewall is used for filtering ICMP messages (inbound/outbound) Authentication mechanism should be integrated into ICMP

What are existing problems with the protocol What are existing problems with the protocol? If you had to redesign the protocol from scratch, how would you do it differently, considering its manageability? 1 1

Source Quench Error (1/3) Generated if the router or host does not have sufficient buffer space to process the request Requests the sender to decrease the traffic rate of messages to a router or host (congestion control)

Source Quench Error (2/3) Problems A host or router will send source quench error messages responsible for every discarded packet (network overhead) A host or router can not determine which host is responsible for network congestion No mechanism to notify the end of congestion

Source Quench Error (3/3) Redesign of Source quench error function A host or router will send source quench error messages responsible for every discarded packet (network overhead) Sending an error message per source host (What will happen if the error message disappear? I don’t know!) A host or router can not determine which host is responsible for network congestion  Using statistics of received datagram, a host or router can determine the responsible sender No mechanism to notify the end of congestion  New message type (available bandwidth) is needed

Question? ?