Appendix F: ICMP Types and Codes
ICMP provides useful and valuable information about the state of a network. Unfortunately, crackers can use the features of ICMP to mount an attack against an organization. For example, someone could send an ICMP Destination Unreachable packet. When a device cannot ﬁnd a service, network, or host, it can respond to a request with a Destination Unreachable packet. The Destination Unreachable message will cause the sender to tear down the connection — in effect, a denialof-service. Or, someone might send redirect messages to have you redirect trafﬁc to a segment where they are running a packet analyzer or “sniffer.” You will need to look for speciﬁc types of ICMP trafﬁc.