RE: Do ICMP re-directs actually work ?

From: Ofir Arkin (ofir@sys-security.com)
Date: 10/30/01 

From: "Ofir Arkin" <ofir@sys-security.com>
To: "'Naveed Anwar'" <naveed@middleoffice.com>, <pen-test@securityfocus.com>
Subject: RE: Do ICMP re-directs actually work ?
Date: Tue, 30 Oct 2001 13:31:09 +0200
Message-ID: <003601c16136$726144b0$ae0f08d5@godfather>

Naveed,

Try to look for the registry setting in Windows 2000 that is IGNORING
redirects. This might be your problem.

BTW - I would suggest you use a tool called 'sing' it is a better
implementation of icmpush by the same coder - alfredo andreas omella.

Hope this helps

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: Naveed Anwar [mailto:naveed@middleoffice.com]
Sent: ג 30 אוקטובר 2001 4:56
To: pen-test@securityfocus.com
Cc: ofir@sys-security.com
Subject: Do ICMP re-directs actually work ?

Hi All

I have just been conducting a test in one of our labs by sending ICMP
redirects to a Windows 2000 Advanced Server using ICMPUSH. Using a
sniffer I see the packet successfully leave my machine, then again
from the target box I see the re-direct arrive. Say for example my
target machine is called Pepsi, and I tell it to redirect any packets
for a machine called Fanta to a dead gateway, hence communication to
Fanta will fail for the lifetime of the redirect.

Now my understanding is that the target server (Pepsi) should now
have updated its local routing table with respect to the Fanta
machine. Then from Pepsi I try to ping/telnet/http/ftp etc..(i.e
establish communication) to Fanta I am able to. The point is since I
told Pepsi via a redirect to send all traffic for Fanta to a
blackhole, how is the communication working.

One interesting point is that when I issue a netstat -rn to view the
routing table, I see no route update from the ICMP redirect.

After reading Ofir's excellent paper I understand most ICMP
implementations are OS specific, therefore I guess redirects do not
work in Win2000 or Linux 6.2 which I also tested..or am I doing
something horribly wrong?

Thanks
Naveed

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Do ICMP re-directs actually work ?
    ... "When a Windows 2000-based computer received an ICMP ... Then goes on to say that, otherwise, the redirect is ignored. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Do ICMP re-directs actually work ?
    ... I have just been conducting a test in one of our labs by sending ICMP ... Fanta will fail for the lifetime of the redirect. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Do ICMP re-directs actually work ?
    ... Do ICMP re-directs actually work? ... It's my understanding that the ICMP redirect is used in the following ... gateway1 looks for the next hop and find gateway2 ... > This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Problem with new source address selection
    ... When I use the route to own interface address ... for every incoming packet an ICMP redirect is sent. ... connections dependent from destination network. ...
    (freebsd-net)
  • Re: Getting "ICMP Host redirect from gateway" response
    ... nice icmp redirect by the time you ping the external IP. ... when the router knows of a "better" route. ... should use a different next hop router for certain traffic. ...
    (comp.os.linux.networking)