Solved

Disabling ICMP

Posted on 2014-03-18
4
483 Views
Last Modified: 2014-05-07
Would like to know if disabling ICMP across all devices in network is a worth while exercise
0
Comment
Question by:IT Department
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 39937345
It could be but impact depends on network needs.

You can't disable it perse but can block the traffic.
Be aware that pings, traceroutes etc would not work if ICMP (Internet Control Message Protocol) traffic is block across the network.

See the following from Wikipedia
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol


Control messages[edit]

Notable control messages[4][5]


Type

Code

Description

0 – Echo Reply[3]:14 0 Echo reply (used to ping)
1 and 2  Reserved
3 – Destination Unreachable[3]:4 0 Destination network unreachable
1 Destination host unreachable
2 Destination protocol unreachable
3 Destination port unreachable
4 Fragmentation required, and DF flag set
5 Source route failed
6 Destination network unknown
7 Destination host unknown
8 Source host isolated
9 Network administratively prohibited
10 Host administratively prohibited
11 Network unreachable for TOS
12 Host unreachable for TOS
13 Communication administratively prohibited
14 Host Precedence Violation
15 Precedence cutoff in effect
4 – Source Quench 0 Source quench (congestion control)
5 – Redirect Message 0 Redirect Datagram for the Network
1 Redirect Datagram for the Host
2 Redirect Datagram for the TOS & network
3 Redirect Datagram for the TOS & host
6  Alternate Host Address
7  Reserved
8 – Echo Request 0 Echo request (used to ping)
9 – Router Advertisement 0 Router Advertisement
10 – Router Solicitation 0 Router discovery/selection/solicitation
11 – Time Exceeded[3]:6 0 TTL expired in transit
1 Fragment reassembly time exceeded
12 – Parameter Problem: Bad IP header 0 Pointer indicates the error
1 Missing a required option
2 Bad length
13 – Timestamp 0 Timestamp
14 – Timestamp Reply 0 Timestamp reply
15 – Information Request 0 Information Request
16 – Information Reply 0 Information Reply
17 – Address Mask Request 0 Address Mask Request
18 – Address Mask Reply 0 Address Mask Reply
19  Reserved for security
20 through 29  Reserved for robustness experiment
30 – Traceroute 0 Information Request
31  Datagram Conversion Error
32  Mobile Host Redirect
33  Where-Are-You (originally meant for IPv6)
34  Here-I-Am (originally meant for IPv6)
35  Mobile Registration Request
36  Mobile Registration Reply
37  Domain Name Request
38  Domain Name Reply
39  SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol
40  Photuris, Security failures
41  ICMP for experimental mobility protocols such as Seamoby [RFC4065]
42 through 255  Reserved
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39937392
What would be the purpose of disabling it?
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39937413
Great question.

It could be but impact depends on network needs.

Means you don't want any of the listed traffic to traverse your network. In as much as this is rarely implemented globally on a network, it is still an option if any engineer wants to pursue that.

Common practice is to block icmp traffic on public interfaces or sensitive devices to prevent replies to untrusted requesters.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39938503
Just blocking all ICMP is becoming a bad practice, as for IPv4 you're just making debugging (and hence hacking) problematic, but IPv6 operation depends on ICMP a great deal.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question