
ICMP Redirect FreeBSD

 ·  🎃 kr0m

ICMP includes a message type called ICMP Redirect, which lets a router tell a host to send traffic for a given destination through a gateway other than the one the host would pick from its own routing table.
This is useful in the following scenario:

  • Gateway G1 receives a packet from a host, consults its routing table and finds that the next hop for that destination is another gateway, G2.
  • If G2 is on the same subnet as the host, G1 forwards the packet anyway and sends the host an ICMP Redirect telling it to use G2 as the next hop for that destination from now on. The redirect applies to that destination only; the host's default gateway is not replaced.

This mechanism opens the door to man-in-the-middle attacks: anyone on the LAN who can forge a redirect can pull a host's traffic for a chosen destination through a machine of their choosing. Fortunately FreeBSD can both log these messages and ignore them outright.

First, enable logging of received ICMP Redirects so you can tell whether anyone on the LAN is sending them. Note that sysrc only writes the setting to /etc/rc.conf; the rc scripts turn it into the kernel sysctl net.inet.icmp.log_redirect at boot, so on a running system set that sysctl to 1 as well if you do not want to wait for a reboot:

sysrc icmp_log_redirect=YES

icmp_log_redirect: NO -> YES

From now on every ICMP Redirect the host receives is logged by the kernel to /var/log/messages, and you can watch them arrive with:

tail -f /var/log/messages
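Those log lines are only useful if something reads them and tells a plausible redirect apart from a forged one. The script below is an added example, not code from the original article or from FreeBSD: it pulls each logged redirect out of the log and applies the two checks RFC 1122 (section 3.2.2.2) requires a host to make before honouring one, namely that the sender is the host's current first-hop gateway and that the proposed new gateway is on a directly connected network. It assumes the kernel's message format "icmp redirect from <sender>: <destination> to <new gateway>"; the gateway 192.168.1.1, the subnet 192.168.1.0/24 and the sample log lines are constructed placeholders.

```shell
#!/bin/sh
# audit_redirects.sh: triage ICMP Redirect entries logged by the FreeBSD kernel.
# Added example, not code from the original article or from FreeBSD.
# Assumed log format (check your /var/log/messages and adjust the sed pattern):
#   <syslog prefix> kernel: icmp redirect from <sender>: <destination> to <new gateway>

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# in_subnet ADDR NET/PREFIX: succeed if ADDR falls inside NET/PREFIX.
in_subnet() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# audit_redirects GATEWAY LOCAL_NET/PREFIX   (log text on stdin)
# Prints one verdict per redirect, applying the RFC 1122 host checks:
#   ALERT spoofed-sender    sender is not our first-hop gateway
#   ALERT off-link-gateway  proposed gateway is not on our subnet, so it cannot be used
#   WARN  well-formed       passes both checks; still suspect on a single-gateway LAN
audit_redirects() {
    gateway=$1
    local_net=$2
    sed -n 's/.*icmp redirect from \([0-9.]*\): \([0-9.]*\) to \([0-9.]*\).*/\1 \2 \3/p' |
    while read -r src dst new_gw; do
        if [ "$src" != "$gateway" ]; then
            echo "ALERT spoofed-sender: $src (not $gateway) redirected $dst to $new_gw"
        elif ! in_subnet "$new_gw" "$local_net"; then
            echo "ALERT off-link-gateway: $src redirected $dst to $new_gw, outside $local_net"
        else
            echo "WARN well-formed: $src redirected $dst to $new_gw"
        fi
    done
}

# count_verdicts CLASS: count verdict lines of CLASS (ALERT or WARN) on stdin.
count_verdicts() {
    grep -c "^$1" || true
}

# Constructed sample log, not captured from a real host: one plausible redirect,
# one from a host that is not the gateway, one pointing off-link, and one unrelated line.
SAMPLE_LOG='Mar  3 10:12:01 bsdhost kernel: icmp redirect from 192.168.1.1: 10.20.0.5 to 192.168.1.254
Mar  3 10:12:07 bsdhost kernel: icmp redirect from 192.168.1.77: 10.20.0.5 to 192.168.1.77
Mar  3 10:12:09 bsdhost kernel: icmp redirect from 192.168.1.1: 10.20.0.9 to 10.9.9.9
Mar  3 10:12:10 bsdhost sshd[1234]: Accepted publickey for admin from 192.168.1.50 port 50000'

# Usage: sh audit_redirects.sh GATEWAY LOCAL_NET/PREFIX [logfile]
# Without arguments the constructed sample above is audited instead of a real log.
if [ $# -ge 2 ]; then
    audit_redirects "$1" "$2" < "${3:-/var/log/messages}"
else
    printf '%s\n' "$SAMPLE_LOG" | audit_redirects 192.168.1.1 192.168.1.0/24
fi
```

The important caveat is the WARN class: a forged redirect whose source address is spoofed to be the real gateway and whose new gateway is the attacker's own on-link address passes both RFC checks and is indistinguishable in the log from a genuine one. On a LAN with a single router every WARN should therefore be treated as an attack, which is exactly why the next step drops redirects altogether rather than relying on log review.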

In most networks, and certainly on a flat LAN with a single router, a host has no legitimate reason to receive ICMP Redirects. So once you know what normal looks like, turn the logging back off (rc.conf(5) warns that these log messages are not rate-limited, so a flood of forged redirects would fill the log) and simply drop such traffic: a redirect on such a network is far more likely to be an attacker on the LAN attempting a MITM than a real topology hint. The default value auto only ignores redirects when the rc scripts detect a dynamic routing daemon on the host, so set it to YES explicitly. As with logging, this lands in rc.conf and takes effect at boot; to protect the running kernel immediately set net.inet.icmp.drop_redirect to 1 with sysctl and read it back to confirm.

sysrc icmp_log_redirect=NO

icmp_log_redirect: NO -> NO

sysrc icmp_drop_redirect=YES

icmp_drop_redirect: auto -> YES