- ICMP tunnel
An ICMP tunnel establishes a covert connection between two remote computers (a client and proxy), using ICMP echo requests and reply packets. An example of this technique is tunneling complete TCP traffic over ping requests and replies.
Technical details
ICMP tunneling works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back. The client performs all communication using ICMP echo request packets, while the proxy uses echo reply packets. In theory, it is possible to have the proxy use echo request packets (which makes implementation much easier), but these packets are not necessarily forwarded to the client, as the client could be behind a translated address (NAT). This bidirectional data flow can be abstracted with an ordinary serial line.
Uses
Tunneling is often used to bypass firewalls which do not block ICMP packets, or to establish hard to trace, encrypted communication channel between two computers without direct network interaction.
ee also
*
ICMPv6
*Smurf attack External links
* http://sourceforge.net/projects/itun Simple ICMP tunnel
* http://www.cs.uit.no/~daniels/PingTunnel/
* http://www.bluebitter.de/download/PingChat.zip "TechDemo - Chat program (Windows)"
* http://www.bluebitter.de/download/ICMPCmd.zip "TechDemo - Client/Server TechDemo (Windows)"
* [http://www.giac.org/certified_professionals/practicals/GSEC/1354.php ICMP Tunneling] by Stuart Thomas
* RFC 792, "Internet Control Message Protocol"
* [http://www.eventhelix.com/RealtimeMantra/Networking/Icmp.pdf ICMP Sequence Diagram]
* RFC 1122, "Requirements for Internet Hosts -- Communication Layers"
* [http://www.daemon.be/maarten/icmpfilter.html Filtering ICMP on firewalls]
* [http://phrack.org/issues.html?issue=49&id=6#article Project Loki] " Article on ping tunneling in "Phrack "
Wikimedia Foundation. 2010.
