
Port Traffic Redirection

  • Anne Shroble
  • Feb 18, 2016
  • 4 min read

Good day:

This time we are going to take a walk on the wild side and try to explain what redirecting port traffic is all about in terms of Internet traffic flow. I know there are times when we all would like to redirect vehicle traffic right out of our way, but…

Anyway, there are several ways to get this traffic redirected, and five of them are listed in our textbook. Our mission today was to pick one of these and report to you on it. I chose redirection and interception with ICMP.

The main reason I picked this subject is because of self-interest, and secondly, I assumed the rest of the class would probably take the first couple of ways. I didn’t want any boredom setting in. Only time will tell if I guessed right.

My first task was to look up and re-familiarize myself with ICMP. Well, ICMP is Internet Control Message Protocol (see the article below), and is an error-reporting protocol. This simply means that when I send a message to an IP (Internet Protocol) address and fat-finger the keys, which will inevitably send the message to the wrong home, I will receive an error message to this effect.

This protocol will generally be used by a network administrator to:

  • find vulnerability in their network,

  • search for any unauthorized use of the network,

  • and/or check for sniffing.

This protocol can also be used corruptly by hackers to cause hate and discontent, hence the unauthorized use.

I’m not real sure if this would be the best way to redirect traffic; it was just the one I picked. However, I checked out the others really quick like, and found DHCP redirection to be of particular interest also. Perhaps I will save this one for a rainy day research project.

Following are articles which were used to write this blog. I Googled "Redirection and interception with ICMP" as a reference. Many good articles were found there which may be of interest to you as well.

"ICMP Redirection Enabled." ICMP Redirection Enabled. Web. 17 Feb. 2016. <https://www.rapid7.com/db/vulnerabilities/linux-icmp-redirect>.

When hosts use a non-optimal or defunct route to a particular destination, an ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path you didn't intend. It's strongly recommended to disable ICMP Redirect Acceptance to protect your server from this hole.

By default, many Linux systems enable a feature called ICMP redirection, where the machine will alter its route table in response to an ICMP redirect message from any network device.

There is a risk that this feature could be used to subvert a host's routing table in order to compromise its security (e.g., tricking it into sending packets via a specific route where they may be sniffed or altered).
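An added example (not from the Rapid7 advisory or this blog's author): a Python audit of the Linux redirect settings the advisory refers to, reading the `accept_redirects` and `secure_redirects` files under `/proc/sys/net`. The names `audit_redirects` and `build_sample_tree` and the sample values are constructed for illustration.

```python
import os
import tempfile

# Per-interface settings that let a Linux host act on ICMP redirects.
# "0" means redirects are ignored, the state the advisory text recommends.
REDIRECT_KEYS = ("accept_redirects", "secure_redirects")

def audit_redirects(proc_sys="/proc/sys"):
    """Return 'sysctl.name=value' for every redirect setting that is not 0."""
    findings = []
    for family in ("ipv4", "ipv6"):
        conf = os.path.join(proc_sys, "net", family, "conf")
        if not os.path.isdir(conf):
            continue
        for iface in sorted(os.listdir(conf)):
            for key in REDIRECT_KEYS:
                path = os.path.join(conf, iface, key)
                if not os.path.isfile(path):
                    continue  # e.g. secure_redirects has no IPv6 counterpart
                with open(path) as fh:
                    value = fh.read().strip()
                if value != "0":
                    findings.append(f"net.{family}.conf.{iface}.{key}={value}")
    return findings

def build_sample_tree(root):
    """Write constructed values that stand in for /proc/sys (assumption)."""
    sample = {
        "ipv4/conf/all/accept_redirects": "0",
        "ipv4/conf/all/secure_redirects": "1",
        "ipv4/conf/eth0/accept_redirects": "1",
        "ipv4/conf/eth0/secure_redirects": "0",
        "ipv6/conf/all/accept_redirects": "1",
    }
    for rel, value in sample.items():
        path = os.path.join(root, "net", rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_redirects(build_sample_tree(tmp)):
            print("NOT HARDENED:", line)
    # On a real host, call audit_redirects() with the default path.
```

Each reported name can be set to 0 with `sysctl -w` and made persistent in `/etc/sysctl.conf`.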

ICMP (Internet Control Message Protocol) Posted by: Margaret Rouse

Rouse, Margaret. "What Is ICMP (Internet Control Message Protocol)? - Definition from WhatIs.com." TechTarget.com. Web. 17 Feb. 2016. <http://searchnetworking.techtarget.com/definition/ICMP>.

ICMP (Internet Control Message Protocol) is an error-reporting protocol network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, such as a router, service or host, cannot be reached for packet delivery. Any IP network device has the capability to send, receive or process ICMP messages.

ICMP is not a transport protocol that sends data between systems. While ICMP is not used regularly in end-user applications, it is used by network administrators to troubleshoot Internet connections in diagnostic utilities including ping and traceroute.

One of the main protocols of the Internet Protocol suite, ICMP is used by routers, intermediary devices or hosts to communicate error information or updates to other routers, intermediary devices or hosts. The widely used IPv4 (Internet Protocol version 4) and the newer IPv6 use similar versions of the ICMP protocol (ICMPv4 and ICMPv6, respectively).

ICMP messages are transmitted as datagrams and consist of an IP header that encapsulates the ICMP data. ICMP packets are IP packets with ICMP in the IP data portion. ICMP messages also contain the entire IP header from the original message, so the end system knows which packet failed.

The ICMP header appears after the IPv4 or IPv6 packet header and is identified as IP protocol number 1. The complex protocol contains three fields:

  • The major type that identifies the ICMP message;

  • The minor code that contains more information about the type field; and

  • The checksum that helps detect errors introduced during transmission.

ICMP has been used to execute denial-of-service attacks (also called the ping of death) by sending an IP packet larger than the number of bytes allowed by the IP protocol.
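An added example, not part of the quoted article: a Python parser for the ICMPv4 redirect message (type 5) that checks the type, code and checksum fields listed above and pulls out the gateway address and the embedded original IP header. The function names and the `SAMPLE` bytes (documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "network", 1: "host", 2: "ToS and network", 3: "ToS and host"}

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_redirect(msg: bytes) -> dict:
    """Parse an ICMPv4 message (outer IP header already stripped)."""
    if len(msg) < 8 + 20:
        raise ValueError("too short for a redirect")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    if internet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    if icmp_type != ICMP_REDIRECT:
        raise ValueError(f"not a redirect (type {icmp_type})")
    inner = msg[8:]  # header of the datagram that triggered the redirect
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("malformed embedded IP header")
    return {
        "code": REDIRECT_CODES.get(code, f"unknown ({code})"),
        "checksum": checksum,
        "new_gateway": str(ipaddress.IPv4Address(msg[4:8])),
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_proto": inner[9],
    }

# Constructed sample: a "redirect for host" telling 192.0.2.10 to reach
# 198.51.100.7 via 192.0.2.254. The inner IP checksum is left at zero.
SAMPLE = bytes.fromhex(
    "05019615c00002fe"                             # type, code, checksum, gateway
    "4500001c00010000" "40110000c000020a" "c6336407"  # original IP header
    "3039003500080000"                             # first 8 bytes of its payload
)

if __name__ == "__main__":
    print(parse_icmp_redirect(SAMPLE))
```

Comparing `new_gateway` against the routers actually configured on the segment is a quick way to spot a redirect that did not come from legitimate routing.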

Once again I say thank you for stopping in. I found some new information as well as refreshing my mind, and I hope you readers do this as well.


 
 
 
