Error and Control Messages in the Internet Protocol

Slides: 21
Provided by: Bret121
Learn more at: https://users.cs.jmu.edu

Transcript and Presenter's Notes


1
Error and Control Messages in the Internet
Protocol
  • Extranormal communication among routers and hosts
    is sometimes necessary to:
      • Report errors
      • Handle abnormal conditions
      • Update routing information
  • The Internet Protocol defines a single mechanism
    for these types of messages

2
The Internet Control Message Protocol (ICMP)
  • Normally generated by and intended for the IP
    software
  • Two levels of encapsulation

3
ICMP is for Error Reporting
  • Errors are reported to a datagram's original
    sender
  • It is the sender's responsibility to take
    appropriate action
  • Exception: ICMP messages are not generated for
    errors that result from datagrams carrying ICMP
    messages

4
ICMP Message Format
  • All ICMP messages begin with the same three
    fields:
      • TYPE (1 octet) - identifies the message
      • CODE (1 octet) - information about the subtype
      • CHECKSUM (2 octets) - covers the ICMP message
  • ICMP error messages always include the header and
    first 64 data bits of the datagram causing the
    problem
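
The message layout above as a receiver would validate it (an added example, not part of the original presentation): verify the checksum, read TYPE and CODE, and for error messages recover the quoted IP header and first 64 data bits. The names `icmp_parse`, `icmp_info` and `build_sample`, the 4 octets between the checksum and the quoted datagram (RFC 792), and the sample message are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Internet checksum (RFC 1071): one's-complement sum of 16-bit words. */
static uint16_t inet_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;          /* pad an odd last octet */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

struct icmp_info {
    uint8_t type, code, is_error, orig_proto;  /* orig_*: quoted datagram */
    uint16_t orig_sport, orig_dport;           /* meaningful for TCP/UDP only */
};

/* Returns 0 on success, -1 if the message is truncated or fails its checksum. */
int icmp_parse(const uint8_t *msg, size_t len, struct icmp_info *out) {
    if (len < 8 || inet_checksum(msg, len) != 0) return -1;
    memset(out, 0, sizeof *out);
    out->type = msg[0]; out->code = msg[1];
    out->is_error = msg[0] == 3 || msg[0] == 4 || msg[0] == 5 ||
                    msg[0] == 11 || msg[0] == 12;
    if (!out->is_error) return 0;
    const uint8_t *ip = msg + 8;      /* quoted IP header follows 8 ICMP octets */
    size_t rem = len - 8, ihl = rem ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    if (rem < 20 || (ip[0] >> 4) != 4 || ihl < 20 || rem < ihl + 8) return -1;
    out->orig_proto = ip[9];
    out->orig_sport = (uint16_t)(ip[ihl] << 8 | ip[ihl + 1]);
    out->orig_dport = (uint16_t)(ip[ihl + 2] << 8 | ip[ihl + 3]);
    return 0;
}

/* Constructed sample: type 3 code 3 quoting UDP 192.0.2.1:40000 -> 192.0.2.2:53 */
void build_sample(uint8_t m[36]) {
    static const uint8_t t[36] = {3,3,0,0, 0,0,0,0, 0x45,0,0,28, 0,0,0,0,
        64,17,0,0, 192,0,2,1, 192,0,2,2, 0x9c,0x40,0,53, 0,8,0,0};
    memcpy(m, t, 36);
    uint16_t c = inet_checksum(m, 36);
    m[2] = (uint8_t)(c >> 8); m[3] = (uint8_t)c;
}
int main(void) {
    uint8_t m[36]; struct icmp_info i;
    build_sample(m);
    return icmp_parse(m, 36, &i);   /* exit status 0: verified and parsed */
}
```

The quoted header and ports are what let a host match an error to the socket that sent the offending datagram; a message that fails the checksum or is cut short is rejected before any field is used.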

5
The ICMP TYPE Field
  Type Field   ICMP Message Type
  ----------   -----------------
  0            Echo Reply
  3            Destination Unreachable
  4            Source Quench
  5            Redirect
  8            Echo Request
  11           Time Exceeded for Datagram
  12           Parameter Problem on Datagram
  13           Timestamp Request
  14           Timestamp Reply
  15           Information Request (obsolete)
  16           Information Reply (obsolete)
  17           Address Mask Request
  18           Address Mask Reply

6
Echo Request and Reply Messages
  • IDENTIFIER and SEQUENCE NUMBER
  • Used by the sender to match replies with requests

7
Destination Unreachable Messages
  • Sent when a router cannot deliver or forward a
    datagram

8
Destination Unreachable CODE Field
  Code Value   Meaning
  ----------   -------
  0            Network Unreachable
  1            Host Unreachable
  2            Protocol Unreachable
  3            Port Unreachable
  4            Fragmentation needed and DF set
  5            Source Route Failed
  6            Destination Network Unknown
  7            Destination Host Unknown
  8            Source Host Isolated
  9            Comm. Administratively prohibited (network)
  10           Comm. Administratively prohibited (host)
  11           Network unreachable for type of service
  12           Host unreachable for type of service

9
Congestion and Datagram Flow Control
  • Most routers have a limited queue in which to
    store arriving datagrams
  • Congestion - a router is overrun with traffic
      • High-speed computer sends datagrams faster than a
        router can retransmit them
      • Many computers send datagrams to the same router
        at once

10
Source Quench Message
  • Congested routers send one for every datagram
    they drop

11
Source Quench Messages
  • Hosts that receive source quench messages should
    stop sending datagrams to that router
    (temporarily)
  • When it hasn't received a source quench message
    in a while, the host can start gradually
    increasing its traffic again

12
Redirect Messages
  • Hosts initialize their routing table at startup
  • When a router detects a host using a nonoptimal
    route, it sends the host an ICMP redirect message

13
Redirect Messages
  Code Value   Meaning
  ----------   -------
  0            Redirect datagrams for the Net (obsolete)
  1            Redirect datagrams for the Host
  2            Redirect datagrams for the Type of Service and Net
  3            Redirect datagrams for the Type of Service and Host

14
Time Exceeded Messages
  • Code 0 - Datagram dropped because TTL reached 0
  • Code 1 - Datagram dropped because fragment
    reassembly time exceeded

15
ICMP Security Issues
  • ICMP can be a source of security vulnerabilities
  • Flaws in ICMP implementations can be exploited
      • Recall the teardrop vulnerability in IP
  • ICMP is well suited for denial-of-service attacks
      • Anyone notice the -f (flood) option to ping?
      • According to the man page: "This can be very hard
        on a network and should be used with caution."

16
Ping of Death
  • Attacker constructs an ICMP echo request message
    containing 65,510 data octets and sends it to a
    victim host

17
Ping of Death (cont)
  • The total size of the resulting datagram (65,538
    octets) is larger than the 65,536 octet limit
    specified by IP
  • Several systems did not handle this oversized IP
    datagram properly
      • Hang
      • Crash
      • Reboot
  • Fixed by software patches
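
The kind of bounds check such patches add to fragment reassembly, as an added example that is not from the original presentation or from any particular vendor's fix. An oversized datagram can only arrive as fragments, so the receiver has to test each fragment's end position before copying it. The names `frag_check` and `echo_verdict`, the 1500-octet MTU, and the use of 65,535 (the largest value the 16-bit Total Length field can hold) as the bound are assumptions of this example.

```c
#include <stdint.h>

#define IP_MAXPACKET 65535u   /* largest value the 16-bit Total Length holds */

struct frag {                 /* fields read from one received IPv4 fragment */
    uint8_t  ihl;             /* header length, 32-bit words */
    uint16_t total_len;       /* Total Length of this fragment, octets */
    uint16_t frag_off;        /* fragment offset, 8-octet units (13 bits) */
    int      more_frags;      /* MF flag */
};

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Bounds check a receiver applies before copying a fragment into the
 * reassembly buffer. Sums are 32-bit so an oversize end cannot wrap. */
enum frag_verdict frag_check(const struct frag *f) {
    uint32_t hdr = (uint32_t)f->ihl * 4;
    if (f->ihl < 5 || f->total_len < hdr || f->frag_off > 0x1fff)
        return FRAG_MALFORMED;
    uint32_t data = f->total_len - hdr;
    if (f->more_frags && (data == 0 || data % 8 != 0))
        return FRAG_MALFORMED;
    uint32_t end = (uint32_t)f->frag_off * 8 + data;  /* octets after reassembly */
    return hdr + end > IP_MAXPACKET ? FRAG_OVERSIZE : FRAG_OK;
}

/* Model (an assumption of this example): an echo request with `icmp_data`
 * data octets arriving as fragments over a link with the given MTU.
 * Returns the first non-OK verdict among its fragments. */
enum frag_verdict echo_verdict(uint32_t icmp_data, uint32_t mtu) {
    uint32_t payload = 8 + icmp_data;        /* ICMP header + data */
    uint32_t chunk = (mtu - 20) & ~7u;       /* data octets per fragment */
    for (uint32_t off = 0; off < payload; off += chunk) {
        uint32_t n = payload - off < chunk ? payload - off : chunk;
        struct frag f = { 5, (uint16_t)(20 + n), (uint16_t)(off / 8),
                          off + n < payload };
        enum frag_verdict v = frag_check(&f);
        if (v != FRAG_OK) return v;
    }
    return FRAG_OK;
}

int main(void) {   /* 65,510 data octets, the size quoted on the slide */
    return echo_verdict(65510, 1500) == FRAG_OVERSIZE ? 0 : 1;
}
```

Every fragment except the last passes the check; only the final one pushes the reassembled length past the bound, which is why the test has to run per fragment rather than on the first header alone.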

18
Smurf
  • Attacker sends ICMP echo request messages to a
    broadcast address at an intermediate site
  • Broadcast address: a copy of the datagram is
    delivered to every host connected to a specified
    network
  • For some broadcast addresses, a single request
    could generate replies from dozens or hundreds of
    hosts
  • The source address in each request packet is
    spoofed so that replies are sent to a victim
    machine
  • Result: the victim's machine/network is flooded
    by ICMP echo replies
  • Many sites have reconfigured their machines so
    that their machines do not respond to ICMP echo
    requests sent to a broadcast address
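
The host-side reconfiguration described above, expressed as the decision a stack makes before answering an echo request (an added example, not from the original presentation). The names `echo_policy` and `is_bcast`, the treatment of multicast and of the all-zeros host address as broadcast, and the sample addresses are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

struct iface { uint32_t addr; unsigned prefix; };   /* host byte order */

/* 1 if dst is a broadcast or multicast address as seen from this interface. */
static int is_bcast(uint32_t dst, const struct iface *i) {
    if (dst == 0xffffffffu || (dst >> 28) == 0xe)
        return 1;                         /* limited broadcast, 224.0.0.0/4 */
    if (i->prefix >= 31) return 0;        /* /31 and /32 have no broadcast */
    uint32_t mask = i->prefix ? ~(uint32_t)0 << (32 - i->prefix) : 0;
    if ((dst & mask) != (i->addr & mask)) return 0;   /* not our subnet */
    return (dst & ~mask) == ~mask         /* all-ones host part */
        || (dst & ~mask) == 0;            /* all-zeros form used by old stacks */
}

enum echo_action { ECHO_REPLY, ECHO_DROP, NOT_ECHO_REQUEST };

/* Policy: never answer an echo request (type 8) whose destination is a
 * broadcast address on any local interface. */
enum echo_action echo_policy(uint8_t icmp_type, uint32_t dst,
                             const struct iface *ifs, size_t n) {
    if (icmp_type != 8) return NOT_ECHO_REQUEST;
    for (size_t k = 0; k < n; k++)
        if (is_bcast(dst, &ifs[k])) return ECHO_DROP;
    return ECHO_REPLY;
}

#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))

int main(void) {   /* constructed sample: host 192.0.2.10/24 */
    struct iface lan = { IP4(192, 0, 2, 10), 24 };
    return echo_policy(8, IP4(192, 0, 2, 255), &lan, 1) == ECHO_DROP ? 0 : 1;
}
```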

19
Smurf (cont)

20
ICMP - Summary
  • ICMP provides a mechanism for extranormal
    communication among routers and hosts
      • Echo request/reply
      • Destination unreachable
      • Source quench
      • Redirect
      • Time exceeded
  • Sometimes incoming ICMP messages are blocked for
    security reasons