Page 768 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
limiting the use of ICMP or at least limiting its throughput rates. Ping
of death sends a malformed ping larger than 65,535 bytes (larger than
the maximum IPv4 packet size) to a computer to attempt to crash it.
Smurf attacks generate enormous amounts of traffic on a target
network by spoofing broadcast pings, and ping floods are a basic DoS
attack relying on consuming all of the bandwidth that a target has
available.

You should be aware of several important details regarding ICMP.
First, the IP header protocol field value for ICMP is 1 (0x01). Second,
the type field in the ICMP header defines the type or purpose of the
message contained within the ICMP payload. There are more than 40
defined types, but only 7 are commonly used (see Table 11.5). You can
find a complete list of the ICMP type field values at
www.iana.org/assignments/icmp-parameters. It may be worth noting
that many of the types listed may also support codes. A code is simply
an additional data parameter offering more detail about the function
or purpose of the ICMP message payload. One example of an event
that would cause an ICMP response is when an attempt is made to
connect to a UDP service port when that service and port are not
actually in use on the target server; this would cause an ICMP Type 3
response back to the origin. Since UDP does not have a means to send
back errors, the protocol stack switches to ICMP for that purpose.

TABLE 11.5 Common ICMP type field values

Type  Function
0     Echo reply
3     Destination unreachable
5     Redirect
8     Echo request
9     Router advertisement
10    Router solicitation
11    Time exceeded
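
The following is an added example, not taken from the study guide: a short Python decoder that checks the IP protocol field for ICMP, reads the type and code, and for a Type 3 message recovers the UDP port that triggered it. The function names, the 192.0.2.x addresses, and the port numbers are constructed for illustration.

```python
import struct
# Names from Table 11.5 (the seven commonly used types).
ICMP_TYPES = {0: "Echo reply", 3: "Destination unreachable", 5: "Redirect",
              8: "Echo request", 9: "Router advertisement",
              10: "Router solicitation", 11: "Time exceeded"}

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    return pkt[9], src, dst, pkt[ihl:]

def describe_icmp(pkt):
    """Decode type and code of an ICMP message carried in an IPv4 packet."""
    proto, src, _, body = parse_ipv4(pkt)
    if proto != 1 or len(body) < 8:    # IP protocol field 1 (0x01) = ICMP
        raise ValueError("not a complete ICMP message")
    icmp_type, code = body[0], body[1]
    info = {"from": src, "type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "other")}
    # A Type 3 error quotes the offending packet's IP header plus its first
    # 8 bytes, which for UDP is the whole UDP header (ports included).
    if icmp_type == 3:
        try:
            oproto, _, odst, odata = parse_ipv4(body[8:])
        except ValueError:
            return info                # quoted packet missing or malformed
        if oproto == 17 and len(odata) >= 4:   # 17 = UDP
            info["udp_target"] = (odst, struct.unpack("!H", odata[2:4])[0])
    return info

def ipv4_header(proto, src, dst, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left 0) for the sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

# Constructed sample: 192.0.2.10 sent UDP to unused port 9999 on 192.0.2.20,
# which answers with ICMP Type 3, code 3 (port unreachable).
_udp = struct.pack("!HHHH", 40000, 9999, 8, 0)
_orig = ipv4_header(17, (192, 0, 2, 10), (192, 0, 2, 20), len(_udp)) + _udp
_icmp = struct.pack("!BBHI", 3, 3, 0, 0) + _orig
SAMPLE = ipv4_header(1, (192, 0, 2, 20), (192, 0, 2, 10), len(_icmp)) + _icmp

if __name__ == "__main__":
    print(describe_icmp(SAMPLE))
```
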
IGMP Internet Group Management Protocol (IGMP) allows systems
to support multicasting. Multicasting is the transmission of data to

