ICMP tunnel

from Wikipedia, the free encyclopedia

An ICMP tunnel uses ICMP packets (Echo Request and Echo Reply) to establish a hidden channel between two computers (client and proxy). In this way, for example, TCP packets can be tunnelled inside ping messages.

Technical details

An ICMP tunnel relies on the fact that arbitrary data can be attached to an echo packet and sent to another computer. That computer replies in the same way, attaching its response to another ICMP packet and sending it back. The client uses ICMP echo request packets, while the proxy uses echo reply packets. In theory, the implementation would be much simpler if the proxy also used echo request packets. However, such packets would not necessarily reach the client, because the client may be behind a router that filters pings from outside its own network, as is the case with a NAT router.

Applications

An ICMP tunnel is often used to bypass firewalls that allow ICMP packets to pass through, or to establish an encrypted communication channel between two computers that is difficult to trace.

Prevention options

ICMP tunnel connections can be prevented by blocking ICMP messages (Echo Request and Echo Reply) at the network's external borders. However, if checking the availability of systems via ICMP is still desired, a bandwidth limit ("rate limit") on ICMP echo messages can be set instead, e.g. by firewalls or intrusion prevention systems (IPS), which makes a tunnel unattractive.
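
Blocking and rate limiting act on volume; the content of the echo traffic can also be inspected. The following is an added example, not part of the original article: an ordinary echo reply returns the request's data unchanged (RFC 792), whereas the tunnel described under "Technical details" puts different data in the reply. The function names, the 64-byte payload threshold and the sample messages are assumptions made for this sketch, and the input is ICMP messages with the IP header already removed.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP message types (RFC 792)

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message; used only to construct the sample data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def find_suspicious(messages, max_payload=64):
    """Return (ident, seq, reason) for echo traffic that does not look like ping."""
    pending, findings = {}, []
    for raw in messages:
        if len(raw) < 8 or checksum(raw) != 0:
            continue  # truncated or corrupt message, not analysed here
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        payload = raw[8:]
        if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
            continue
        if len(payload) > max_payload:  # assumed threshold, tune per network
            findings.append((ident, seq, "oversized payload"))
        if icmp_type == ECHO_REQUEST:
            pending[(ident, seq)] = payload
        else:
            sent = pending.pop((ident, seq), None)
            if sent is None:
                findings.append((ident, seq, "reply without request"))
            elif sent != payload:
                findings.append((ident, seq, "reply payload differs from request"))
    return findings

# Constructed sample: one ordinary ping exchange, one tunnel-like exchange.
SAMPLE = [
    build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefghijklmnopqrstuvwabcdefghi"),
    build_echo(ECHO_REPLY, 0x1234, 1, b"abcdefghijklmnopqrstuvwabcdefghi"),
    build_echo(ECHO_REQUEST, 0x5150, 7, b"GET /index.html HTTP/1.1\r\n"),
    build_echo(ECHO_REPLY, 0x5150, 7, b"HTTP/1.1 200 OK\r\n" + b"A" * 100),
]
```

Calling find_suspicious(SAMPLE) reports only the second exchange, once for the oversized reply and once for the payload mismatch.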
