Concept Guide
ICMP Vulnerabilities
The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides message packets to report errors and
other information regarding IP packet processing back to the source. Dell Networking OS mainly addresses the following ICMP
vulnerabilities:
• ICMP Mask Reply
• ICMP Timestamp Request
• ICMP Replies
• IP ID Values Randomness
You can congure the Dell Networking OS to drop ICMP reply messages. When you congure the drop icmp command, the system
drops the ICMP reply messages from the front end and management interfaces. By default, the Dell Networking OS responds to all the
ICMP messages. The Dell Networking OS suppresses the following ICMPv4 and ICMPv6 message types:
Table 4. Suppressed ICMPv4 message types
ICMPv4 Message Types
Echo reply (0)
All sub types of destination unreachable (3)
Source quench (4)
Redirect (5)
Router advertisement (9)
Router solicitation (10)
Time exceeded (11)
IP header bad (12)
Timestamp request (13)
Timestamp reply (14)
Information request (15)
Information reply (16)
Address mask request (17)
Address mask reply (18)
NOTE: The Dell Networking OS does not suppress the ICMPv4 message type Echo request (8).
Table 5. Suppressed ICMPv6 message types
ICMPv6 Message Types
Destination unreachable (1)
Time exceeded (3)
IPv6 header bad (4)
Echo reply (129)
Who are you request (139)
1212 Security