What is ICMP (Internet Control Message Protocol)?
ICMP, short for "Internet Control Message Protocol," is a protocol used alongside IP for error reporting (for example, that a destination is unreachable), for checking whether a communication peer is reachable, and for exchanging other control messages. The Internet Engineering Task Force (IETF) has standardized ICMP for IPv4 as RFC 792 and ICMPv6 for IPv6 as RFC 4443.
ICMP messages are carried inside IP packets, just as TCP and UDP segments are, but ICMP is not a transport protocol: it belongs to the Internet layer and is usually treated as an integral part of IP. Its message types include echo request, echo reply, destination unreachable, redirect, and source quench (a request to the sender to slow its transmission, now deprecated by RFC 6633 and ignored by modern hosts). Among these, echo request and echo reply are used to confirm that a remote TCP/IP protocol stack is reachable and responding; this exchange is what the ping command implements.
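As an added example (not code from the original page), the following Python builds an ICMP echo request the way ping does, computes the RFC 1071 one's-complement checksum that covers the ICMP header and payload, and shows how a receiver validates the packet and forms the matching echo reply. The identifier, sequence number and payload are arbitrary values chosen for the example; the functions are illustrative and send nothing on the wire.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum
    of all 16-bit big-endian words, with an odd trailing byte zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    # Fold any carry out of the top 16 bits back in until none remains.
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo header is type(1) code(1) checksum(2) identifier(2) sequence(2).
    The checksum is computed with the checksum field set to zero."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Validate and decode an ICMP echo request/reply. A packet whose checksum
    field is correct sums to 0xFFFF, so inet_checksum() over it returns 0."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than 8-byte header")
    if inet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request/reply")
    return {"type": icmp_type, "code": code, "checksum": csum,
            "id": ident, "seq": seq, "payload": packet[8:]}


def reply_for(request: bytes) -> bytes:
    """What the responding stack does: echo the id, sequence and payload back
    unchanged, with the type switched to echo reply and a fresh checksum."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("can only reply to an echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def demo() -> dict:
    """Round trip: build a request, produce the reply, decode it, and show that
    flipping one payload byte is caught by the checksum."""
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"abcdefgh")  # example values
    reply = parse_echo(reply_for(request))
    corrupted = bytearray(request)
    corrupted[-1] ^= 0x01
    try:
        parse_echo(bytes(corrupted))
        corruption_detected = False
    except ValueError:
        corruption_detected = True
    return {"request": request, "reply": reply,
            "corruption_detected": corruption_detected}
```

The checksum only protects against accidental corruption; it is not a message authentication code, and anyone can compute a valid one, which is why spoofed ICMP packets are trivial to craft.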
However, ICMP echo requests are also abused in ICMP flood attacks, a form of DoS/DDoS. In the simplest form the attacker sends echo requests to the target faster than the target and its links can absorb them. The variant described here is the reflected form known as a Smurf attack: the attacker sends echo requests whose source IP address is spoofed to the target server's address, addressed to the broadcast address of an intermediary network rather than to the target itself. Every host on that network that receives the broadcast echo request sends an echo reply to the spoofed source, so the target is hit with one reply per host for each packet the attacker sent, overloading the server and congesting its network. The name Smurf comes from the original attack tool; what distinguishes it from a plain ICMP flood is not the spoofing but the use of a broadcast network as an amplifier. Routers that do not forward directed broadcasts (the default recommended by RFC 2644) and hosts that ignore broadcast echo requests remove that amplification, which is why the attack is far less effective today than when it was first seen.
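As an added detection example (not part of the original page), the following Python runs two checks over a constructed stream of ICMP flow records, each a (timestamp, source, destination, ICMP type) tuple such as a sensor or flow exporter might produce: a direct ICMP flood shows up as too many echo requests to one destination per time window, while a Smurf attack shows up from the target's side as a burst of echo replies from many reflectors for which the target never sent a request. The addresses, window size and threshold are example values chosen for illustration.

```python
from collections import Counter, defaultdict

ECHO_REPLY = 0
ECHO_REQUEST = 8


def analyze_icmp(records, window=1.0, threshold=100):
    """records: iterable of (ts_seconds, src_ip, dst_ip, icmp_type).
    Returns a list of findings, one per (window, target) that exceeds the
    request threshold and one per target that receives too many replies
    it never asked for (the reflection signature of a Smurf attack)."""
    requests_seen = set()                  # (requester, target) pairs
    requests_per_window = defaultdict(Counter)  # window -> Counter(dst)
    unsolicited_replies = Counter()        # target -> reply count
    reflectors = defaultdict(set)          # target -> distinct reply sources

    for ts, src, dst, icmp_type in records:
        if icmp_type == ECHO_REQUEST:
            requests_seen.add((src, dst))
            requests_per_window[int(ts // window)][dst] += 1
        elif icmp_type == ECHO_REPLY:
            # A legitimate reply answers a request the target actually sent.
            if (dst, src) not in requests_seen:
                unsolicited_replies[dst] += 1
                reflectors[dst].add(src)

    findings = []
    for w, counter in sorted(requests_per_window.items()):
        for dst, n in counter.items():
            if n >= threshold:
                findings.append({"kind": "icmp_flood", "target": dst,
                                 "requests": n, "window": w})
    for target, n in unsolicited_replies.items():
        if n >= threshold:
            findings.append({"kind": "smurf_reflection", "target": target,
                             "replies": n, "reflectors": len(reflectors[target])})
    return findings


def sample_records():
    """Constructed traffic using RFC 5737 documentation addresses:
    one normal ping exchange, a direct flood, and a reflected Smurf burst."""
    victim, attacker, friend = "203.0.113.10", "198.51.100.7", "192.0.2.5"
    recs = [(0.00, victim, friend, ECHO_REQUEST),   # victim pings a peer...
            (0.01, friend, victim, ECHO_REPLY)]     # ...and gets a solicited reply
    # Direct ICMP flood: 150 echo requests to the victim within half a second.
    recs += [(1.0 + i * 0.003, attacker, victim, ECHO_REQUEST) for i in range(150)]
    # Smurf reflection: 120 hosts on an amplifier network answer a broadcast
    # echo request whose source was spoofed to the victim.
    recs += [(2.0 + i * 0.005, f"10.0.0.{i + 1}", victim, ECHO_REPLY)
             for i in range(120)]
    return recs


def demo():
    return analyze_icmp(sample_records())
```

On real traffic the request threshold has to be tuned per environment, and the "unsolicited reply" check needs a bounded memory of recent requests rather than an ever-growing set; the point of the example is that the two attacks leave different traces, so a defender who only counts echo requests at the target will miss a Smurf attack, which arrives as echo replies.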
F5 BIG-IP solutions include built-in protection against ICMP Flood attacks, allowing mitigation of these threats without requiring extensive configuration changes.