Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is a diagnostic and error-reporting mechanism that most network defences treat as routine. Its ubiquity and the permissive posture most devices and firewalls extend to it can make it a reliable vehicle for reconnaissance, covert channels, amplification, and lateral movement, without announcing itself as anything other than normal traffic.
A ubiquitous diagnostic protocol pressed into service for reconnaissance, covert channels, and disruption.
- Overview of attacks on ICMP
- ICMP Echo sweeping (Ping sweep)
- TTL manipulation for OS fingerprinting
- ICMP-based service discovery
- ICMP tunnelling for data exfiltration & covert channels
- Fragmented ICMP exfiltration techniques
- DNS-over-ICMP (C2) covert channels
- ICMP flood attacks
- ICMP amplification attacks
- NAT/Firewall bypass techniques
- Lateral movement via ICMP
- ICMPv6 router advertisement spoofing
- IoT/OT device crashes via ICMP
- Cloud metadata service abuse via ICMP
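The intro above rests on one protocol fact: the data field of an ICMP echo request or reply is opaque to the hosts and firewalls that forward it, and a reply is expected to carry the request's payload back unchanged. The following is an added example, not code from this page or from any of the tools it goes on to cover. It builds and parses echo packets with a correct RFC 1071 checksum using only the Python standard library, then applies the checks a defender would use to separate stock pings from tunnelled data: a match against known ping fill patterns, payload size, payload entropy, and request/reply payload mismatch. All packets are constructed inline; the Windows ping pattern is the real one, while the Linux iputils pattern is approximated (it sends a timestamp followed by an incrementing byte run, reconstructed here as 0x10..0x3f) and should be confirmed against your own capture.

```python
"""ICMP echo as a covert channel: packet builder, parser and payload-based detector.

Added example using only the Python standard library. Reference ping patterns
and all sample packets below are constructed here, not captured traffic.
"""
import math
import struct
from collections import Counter

ICMP_ECHO_REPLY = 0      # RFC 792 type values
ICMP_ECHO_REQUEST = 8

# Constructed reference fill patterns. Windows ping sends the repeating
# alphabet below; Linux iputils sends a timestamp followed by an incrementing
# byte run, approximated here as 0x10..0x3f (assumption; verify on a capture).
WINDOWS_PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_PING_TAIL = bytes(range(0x10, 0x40))


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an echo request/reply: type, code, checksum, identifier, sequence, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)   # checksum field zeroed
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Parse an echo packet; the one's-complement sum over the whole packet must be zero."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for a repeated fill pattern, near 8 for encrypted/compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_ping(payload: bytes) -> bool:
    """True when the payload matches a stock ping fill pattern (Linux timestamp prefix skipped)."""
    if payload == WINDOWS_PING_DATA:
        return True
    for ts_len in (8, 16):                   # iputils timestamp is 8 or 16 bytes depending on version
        tail = payload[ts_len:]
        if tail and LINUX_PING_TAIL.startswith(tail):
            return True
    return False


def classify_echo(packet: bytes, max_payload: int = 64, entropy_threshold: float = 6.0) -> list:
    """Return the reasons an echo packet looks like tunnelling; an empty list means 'stock ping'."""
    fields = parse_echo(packet)
    if fields["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return []                            # other ICMP types are out of scope here
    payload = fields["payload"]
    if looks_like_ping(payload):
        return []
    reasons = []
    if len(payload) > max_payload:
        reasons.append("oversized payload (%d bytes)" % len(payload))
    ent = shannon_entropy(payload)
    if ent > entropy_threshold:
        reasons.append("high-entropy payload (%.2f bits/byte)" % ent)
    if not reasons:
        reasons.append("payload does not match a stock ping pattern")
    return reasons


def reply_mismatch(request: bytes, reply: bytes) -> bool:
    """A genuine reply echoes id, seq and payload unchanged; a tunnel server's reply carries new data."""
    q, r = parse_echo(request), parse_echo(reply)
    if (q["type"], r["type"]) != (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return False
    return q["id"] != r["id"] or q["seq"] != r["seq"] or q["payload"] != r["payload"]


if __name__ == "__main__":
    benign = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, WINDOWS_PING_DATA)
    covert = build_echo(ICMP_ECHO_REQUEST, 0x1234, 2, bytes(range(256)) * 4)   # constructed "ciphertext"
    print("benign:", classify_echo(benign))
    print("covert:", classify_echo(covert))
    req = build_echo(ICMP_ECHO_REQUEST, 7, 1, b"ping")
    rep = build_echo(ICMP_ECHO_REPLY, 7, 1, b"exfil")
    print("reply mismatch:", reply_mismatch(req, rep))
```

The fill-pattern check is the one that keeps false positives down: payload size and entropy alone would flag a `ping -s 1400` test just as readily as a tunnel. Conversely, a tunnel that mimics the stock pattern and keeps its payload small evades all of these; volume and timing (echo rate per host, reply payloads that differ from requests) are the next signals to add.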