Administrator Guide
ICMP Vulnerabilities
The internet control message protocol (ICMP) is a network-layer internet protocol that provides message packets to report
errors and other information regarding IP packet processing back to the source. Dell EMC Networking OS mainly addresses the
following ICMP vulnerabilities:
● ICMP Mask Reply
● ICMP Timestamp Request
● ICMP Replies
● IP ID Values Randomness
You can configure the Dell EMC Networking OS to drop ICMP reply messages. When you configure the drop icmp command,
the system drops the ICMP reply messages from the front end and management interfaces. By default, the Dell EMC
Networking OS responds to all the ICMP messages. You can configure the Dell EMC Networking OS to suppress the following
ICMPv4 and ICMPv6 message types:
Table 7. Suppressed ICMPv4 message types
ICMPv4 Message Types
Echo reply (0)
All sub types of destination unreachable (3)
Source quench (4)
Redirect (5)
Router advertisement (9)
Router solicitation (10)
Time exceeded (11)
IP header bad (12)
Timestamp request (13)
Timestamp reply (14)
Information request (15)
Information reply (16)
Address mask request (17)
Address mask reply (18)
NOTE: The Dell EMC Networking OS does not suppress the ICMPv4 message type Echo request (8).
Table 8. Suppressed ICMPv6 message types
ICMPv6 Message Types
Destination unreachable (1)
Time exceeded (3)
IPv6 header bad (4)
Echo reply (129)
Who are you request (139)
Who are you reply (140)
Mtrace response (200)
Mtrace messages (201)
NOTE:
1432 Security