Securing Protocol Layers

Internet Control Message Protocol

A well-publicized ICMP attack targeted the Microsoft TCP/IP stack.
A hacker generated a very specialized ICMP message in the form of a ping request. Any computer running earlier versions of the TCP/IP stack could not properly handle the modified ICMP request and would crash.
The industry labeled this type of attack a Winnuke attack, after the program Winnuke, which issued this type of ICMP message.
To this day, the Microsoft Web site does not respond to pings because Microsoft has filtered all ICMP requests to the Web servers. Many companies now filter ICMP traffic at their firewalls.


ICMP is a network protocol useful in Internet Protocol (IP) network management and administration and is a required element of IP implementations. ICMP is a control protocol, meaning that it does not carry application data, but rather information about the status of the network itself.
Furthermore, ICMP can be used to report:
  1. errors in the underlying communications of network applications
  2. availability of remote hosts
  3. network congestion
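
The following added example (not part of the original page) parses the ICMPv4 header, verifies its checksum, and maps the message type to the three reporting roles listed above, which is the distinction a firewall rule set has to make when it filters ICMP by type. The function names and sample messages are constructed for illustration; type numbers are from RFC 792.

```python
import struct

# Illustrative mapping (names are assumptions): ICMPv4 types from RFC 792,
# grouped by the three reporting roles in the list above.
CATEGORY = {
    3: "error",          # Destination Unreachable
    11: "error",         # Time Exceeded
    0: "availability",   # Echo Reply
    8: "availability",   # Echo Request
    4: "congestion",     # Source Quench (deprecated by RFC 6633)
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Build an ICMP message with a valid checksum (for the constructed samples)."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def classify_icmp(message: bytes) -> dict:
    """Report type, code, checksum validity and reporting category."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code = message[0], message[1]
    return {
        "type": icmp_type,
        "code": code,
        # A valid message checksums to zero when its checksum field is included.
        "checksum_ok": inet_checksum(message) == 0,
        "category": CATEGORY.get(icmp_type, "other"),
    }

# Constructed sample messages (not captured traffic).
SAMPLES = [
    build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping"),  # echo request
    build_icmp(3, 1),                                           # host unreachable
    build_icmp(4, 0),                                           # source quench
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify_icmp(msg))
```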