It's my understanding that the ICMP redirect is used in the following scenario: - host1 sends data to gateway1 - gateway1 looks for the next hop and find gateway2 - gateway2 is on the same net as host1 - gateway1 sends redirect to host1 informing it to use gateway2 - host1 traffic now leaves via gateway2 With this in mind, I *think* the redirect has to come from "pepsi"'s gateway. On Win2k, verify the value of: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableICMPRedirect It's set to 1 (enable) by default. -blake On Tue, 30 Oct 2001, Naveed Anwar wrote: > > Hi All > > I have just been conducting a test in one of our labs by sending ICMP > redirects to a Windows 2000 Advanced Server using ICMPUSH. Using a > sniffer I see the packet successfully leave my machine, then again > from the target box I see the re-direct arrive. Say for example my > target machine is called Pepsi, and I tell it to redirect any packets > for a machine called Fanta to a dead gateway, hence communication to > Fanta will fail for the lifetime of the redirect. > > Now my understanding is that the target server (Pepsi) should now > have updated its local routing table with respect to the Fanta > machine. Then from Pepsi I try to ping/telnet/http/ftp etc..(i.e > establish communication) to Fanta I am able to. The point is since I > told Pepsi via a redirect to send all traffic for Fanta to a > blackhole, how is the communication working. > > One interesting point is that when I issue a netstat -rn to view the > routing table, I see no route update from the ICMP redirect. > > After reading Ofir's excellent paper I understand most ICMP > implementations are OS specific, therefore I guess redirects do not > work in Win2000 or Linux 6.2 which I also tested..or am I doing > something horribly wrong? > > Thanks > Naveed > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 16:46:01 PST