|Threat actors use Internet Control Message Protocol (ICMP) echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood attacks, and alter host routing tables.
|Denial-of-Service (DoS) attacks
|Threat actors attempt to prevent legitimate users from accessing information or services.
|Distributed Denial-of-Service (DDoS) attacks
|Similar to a DoS attack, but features a simultaneous, coordinated attack from multiple source machines.
|Address spoofing attacks
|Threat actors spoof the source IP address in an attempt to perform blind spoofing or non-blind spoofing.
|Man-in-the-middle attack (MiTM)
|Threat actors position themselves between a source and destination to transparently monitor, capture and control the communication. They could simply eavesdrop by inspecting captured packets or alter packets and forward them to their original destination.
|Threat actors gain access to the physical network, and then use a MiTM attack to hijack a session.
Threat actors use ICMP for reconnaissance and scanning attacks. This enables them to launch information-gathering attacks to map out a network topology, discover which hosts are active (reachable), identify the host operating system (OS fingerprinting), and determine the state of a firewall.
The table lists common ICMP messages of interest to threat actors.
|ICMP echo request and echo reply
|This is used to perform host verification and DoS attacks.
|This is used to perform network reconnaissance and scanning attacks.
|ICMP mask reply
|This is used to map an internal IP network.
|This is used to lure a target host into sending all traffic through a compromised device and create a MiTM attack.
|ICMP router discovery
|This is used to inject bogus route entries into the routing table of a target host.
Amplification and Reflection Attacks
Threat actors also use resource exhaustion attacks. These attacks consume the resources of a target host to either crash it or consume the resources of a network.
Address Spoofing Attacks
Spoofing attacks can be non-blind or blind:
- Non-blind spoofing – The threat actor can see the traffic that is being sent between the host and the target. The threat actor uses non-blind spoofing to inspect the reply packet from the target victim. Non-blind spoofing determines the state of a firewall and sequence-number prediction. It can also hijack an authorized session.
- Blind spoofing – The threat actor cannot see the traffic that is being sent between the host and the target. Blind spoofing is used in DoS attacks.
MAC address spoofing attacks are used when threat actors have access to the internal network. Threat actors alter the MAC address of their host to match another known MAC address of a target host, as shown in the figure. The attacking host then sends a frame throughout the network with the newly-configured MAC address. When the switch receives the frame, it examines the source MAC address.
Threat Actor Spoofs a Server’s MAC Address
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.