Dell Command Line Reference Guide for the S4048–ON System 9.14.2.5

PDF

ICMP Vulnerabilities

The internet control message protocol (ICMP) is a network-layer internet protocol that provides message packets to report errors and other information regarding IP packet processing back to the source. Dell EMC Networking OS mainly addresses the following ICMP vulnerabilities:

  • ICMP Mask Reply
  • ICMP Timestamp Request
  • ICMP Replies
  • IP ID Values Randomness

You can configure the Dell EMC Networking OS to drop ICMP reply messages. When you configure the drop icmp command, the system drops the ICMP reply messages from the front end and management interfaces. By default, the Dell EMC Networking OS responds to all the ICMP messages. You can configure the Dell EMC Networking OS to suppress the following ICMPv4 and ICMPv6 message types:

Table 1. Suppressed ICMPv4 message typesSuppressed ICMPv4 message types
ICMPv4 Message Types
Echo reply (0)
All sub types of destination unreachable (3)
Source quench (4)
Redirect (5)
Router advertisement (9)
Router solicitation (10)
Time exceeded (11)
IP header bad (12)
Timestamp request (13)
Timestamp reply (14)
Information request (15)
Information reply (16)
Address mask request (17)
Address mask reply (18)
NOTE: The Dell EMC Networking OS does not suppress the ICMPv4 message type Echo request (8).
Table 2. Suppressed ICMPv6 message typesSuppressed ICMPv6 message types
ICMPv6 Message Types
Destination unreachable (1)
Time exceeded (3)
IPv6 header bad (4)
Echo reply (129)
Who are you request (139)
Who are you reply (140)
Mtrace response (200)
Mtrace messages (201)
NOTE:

The Dell EMC Networking OS does not suppress the following ICMPv6 message types:

  • Packet too big (2)
  • Echo request (128)
  • Multicast listener query (130)
  • Multicast listener report (131)
  • Multicast listener done (132)
  • Router solicitation (133)
  • Router advertisement (134)
  • Neighbor solicitation (135)
  • Neighbor advertisement (136)
  • Redirect (137)
  • Router renumbering (138)
  • MLD v2 listener report (143)
  • Duplicate Address Request (157)
  • Duplicate Address Confirmation (158)

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\