ICMP in Network Security

PraiseworthyRococo

30 Questions

Which type of network is typically confined to a city, a zip code, a campus, or office park?

MAN

What is the Global Information Grid (GIG)?

The U.S. Department of Defense global network

What range characterizes a PAN (Personal Area Network)?

100 meters or less

What is the primary difference between an Intranet and the Internet?

The Internet is public, while an Intranet is private.

What characteristic defines a GAN (Global Area Network)?

Covers cities, states, or countries

What technology do low-power wireless technologies like Bluetooth commonly use?

PANs

What is one of the security challenges introduced by IPv6 autoconfiguration?

Automatic link-local address configuration

In the context of IPv6, what does it mean when a host can communicate with other link-local addresses on the same LAN?

The host is limited to communicating with local devices on the same LAN.

What can happen when ISPs enable IPv6 service without the customer's knowledge?

Potential for launching attacks or exfiltrating data via IPv6

Why are network intrusion detection systems often not configured to 'see' IPv6 traffic?

Limited experience or understanding of IPv6 by professionals

What is recommended as a fundamental part of system hardening in relation to IPv6?

Disabling unnecessary network services

How can IPv6 be disabled on a Windows host?

Unchecking the “Internet Protocol Version 6” box in network adapter properties

What does an unanswered ping (an ICMP Echo Request with no Echo Reply) suggest?

The host is up and the ICMP was filtered.

How does the Time to Live (TTL) field prevent routing loops?

By decreasing with every hop a packet makes.

What message does a router send when it decrements a packet's TTL to zero?

ICMP Time Exceeded

In the traceroute process, what does it mean when a router is identified?

The traceroute has successfully mapped the router on the network path.

Why does the traceroute client send a packet with a TTL of 1 to begin the route tracing process?

To identify the first router immediately.

What technique does traceroute use to uncover intermediate routers between a client and a server?

Using UDP packets

Which protocol provides a simpler way to transfer files, often used for saving router configurations or bootstrapping via a network by diskless workstations?

TFTP

Why is Passive FTP more likely to pass through firewalls cleanly?

Because it flows in classic client-server direction

Which protocol was designed as a secure replacement for Telnet, FTP, and UNIX 'R' commands?

SSH

What port do SSH servers listen on by default?

Port 22

Which protocol is NOT recommended for transferring sensitive data over an insecure channel?

Telnet

What is a characteristic of TFTP regarding directory structure?

It usually writes to the /tftpboot directory

What is the main goal of a DNS cache poisoning attack?

To trick a caching DNS server into caching a forged response

How does DNSSEC enhance DNS responses?

By providing authentication and integrity using public key encryption

Why is building an Internet-scale Public Key Infrastructure challenging?

Because it requires widespread adoption and management of public keys

What event in 2008 led to an increased call for the adoption of DNSSEC?

Publicizing an improved DNS cache poisoning attack by Dan Kaminsky

What is the primary function of SNMP in network management?

To monitor network devices and collect performance data

Which port is commonly used by SNMP agents for communication?

UDP port 161

Study Notes

Network Types

  • Metropolitan Area Network (MAN) is typically confined to a city, a zip code, a campus, or office park.
  • Global Information Grid (GIG) is a network that provides a secure, high-speed network for the US Department of Defense.

PAN (Personal Area Network)

  • Characterized by a range of around 10 meters or less.

Intranet and Internet

  • The primary difference between an Intranet and the Internet is that an Intranet is a private network, whereas the Internet is a public network.

GAN (Global Area Network)

  • Characterized by its ability to span multiple countries and continents.

Low-Power Wireless Technologies

  • Technologies like Bluetooth commonly use frequency hopping spread spectrum technology.

IPv6 Autoconfiguration

  • One of the security challenges introduced by IPv6 autoconfiguration is the potential for rogue devices to autoconfigure and connect to the network.

IPv6 Communication

  • When a host can communicate with other link-local addresses on the same LAN, it means that the host can communicate with other devices on the same network.

IPv6 and ISPs

  • If ISPs enable IPv6 service without the customer's knowledge, it can lead to potential security risks and configuration issues.

Network Intrusion Detection Systems

  • Network intrusion detection systems are often not configured to 'see' IPv6 traffic, which can lead to potential security risks.

System Hardening

  • Disabling IPv6 on systems that do not use it is recommended as a fundamental part of system hardening.

Disabling IPv6

  • IPv6 can be disabled on a Windows host by going to the Network and Sharing Center and disabling IPv6.

Ping

  • An unanswered ping (an ICMP Echo Request with no Echo Reply) suggests that the host is not reachable or is not responding to ping requests.

Time to Live (TTL)

  • The TTL field prevents routing loops by decrementing the TTL value each time a packet passes through a router, and discarding the packet when the TTL value reaches zero.

Router Messages

  • When a router decrements a packet's TTL to zero, it sends an ICMP Time Exceeded message.

Traceroute

  • In the traceroute process, when a router is identified, it means that the router has responded to the packet with a TTL of 1.
  • The traceroute client sends a packet with a TTL of 1 to begin the route tracing process to identify the first hop.
  • Traceroute uses the ICMP Time Exceeded message to uncover intermediate routers between a client and a server.

File Transfer

  • The Trivial File Transfer Protocol (TFTP) provides a simpler way to transfer files, often used for saving router configurations or bootstrapping via a network by diskless workstations.

FTP

  • Passive FTP is more likely to pass through firewalls cleanly because it uses a random port for data transfer, making it easier to configure firewalls.

Secure Shell (SSH)

  • SSH was designed as a secure replacement for Telnet, FTP, and UNIX 'R' commands.
  • SSH servers listen on port 22 by default.

Insecure Channel

  • Telnet is not recommended for transferring sensitive data over an insecure channel.

TFTP

  • A characteristic of TFTP is that it does not support directory structure.

DNS Cache Poisoning

  • The main goal of a DNS cache poisoning attack is to inject fake DNS data into a DNS cache, leading to redirection of users to fake websites.

DNSSEC

  • DNSSEC enhances DNS responses by providing digital signatures that verify the authenticity of DNS data.

Public Key Infrastructure

  • Building an Internet-scale Public Key Infrastructure is challenging because it requires a global system of trust.
  • The 2008 DNS cache poisoning attack led to an increased call for the adoption of DNSSEC.

SNMP

  • The primary function of SNMP in network management is to monitor and manage network devices.
  • SNMP agents commonly use port 161 for communication.

Learn about the role of ICMP in network security, including how attackers use it to map target networks and the importance of filtering certain types of ICMP messages. Explore how an unanswered ping does not necessarily mean a host is down, and how the traceroute command utilizes ICMP Time Exceeded messages to trace network routes.
