ICMP(Internet Control Message Protocol) : ÀÎÅÍ³Ý Á¦¾î ¸Þ¼¼Áö ÇÁ·ÎÅäÄÝ
¿ëµµ
ÀÎÅͳÝ/Åë½Å»ó¿¡¼ ¹ß»ýÇÑ ÀϹÝÀûÀÎ »óȲ / ¿À·ù¿¡ ´ëÇÑ º¸°í
±â´É
IP ÇÁ·ÎÅäÄÝÀ» ÀÌ¿ëÇÏ¿© ICMP ¸Þ¼¼Áö Àü´Þ
ping : »ó´ë¹æ È£½ºÆ®ÀÇ ÀÛµ¿ ¿©ºÎ ¹× ÀÀ´ä½Ã°£ ÃøÁ¤
- echo request ÁúÀÇ ¸Þ¼¼Áö ¿äû
- echo reply ÀÀ´ä¸Þ¼¼Áö ¿äû
trace : ¸ñÀûÁö±îÁöÀÇ ¶ó¿ìÆà °æ·Î ÃßÀû
- time exceeded
ICMP ÆÐŶÇì´õ ±¸Á¶
- ICMP Type
- ICMP Code
- ICMP Checksum
- ICMP Contents
ICMP Type
ICMP Code
ICMP Type 3 : Destination Unreachable (¸ñÀûÁö¿¡ µµ´ÞÇÒ ¼ö ¾øÀ½)
ICMP Type 11 : Time Exceeded (½Ã°£ ÃÊ°ú)
Âü°í
ICMP Checksum
- Çì´õÀÇ ¼Õ»ó¿©ºÎ È®ÀÎ
Ãß°¡
¡Ø IPTABLES Match
# iptables -p icmp -h
### Don't allow pings through ###
-A INPUT -p icmp -m icmp --icmp-type echo-request -j DROP # icmp-type 8
### Stop smurf attacks ###
-A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP # icmp-type 13
-A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP # icmp-type 17
