ICMP
ICMP attacks abuse the Internet Control Message Protocol, which network devices such as routers use to send error messages when a requested service is not available or the remote server cannot be reached. Examples of ICMP attacks include ping floods, ping-of-death attacks, and smurf attacks.
The following table lists the system and auto rules that are used to mitigate ICMP attacks on your advanced appliance. For information about the parameters, see Overview of Packet Flow.
Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments |
---|---|---|---|---|---|---|
130400200 | Auto | DROP ICMP large packets | This rule drops large ICMP packets (bigger than 800). | Always enabled | Events per second (default=1) | |
130900100 | Auto | RATE LIMIT PASS ICMP Ping | This rule passes ICMP ping packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130900200 | Auto | RATE LIMIT PASS ICMPv6 Ping | This rule passes ICMPv6 ping packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130900700 | Auto | RATELIMIT PASS ICMPv6 destination unreachable | This rule passes ICMPv6 Destination Unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=100) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130900800 | Auto | RATELIMIT PASS ICMPv6 packet too big | This rule passes ICMPv6 Packet Too Big messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=100) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130900900 | Auto | RATELIMIT PASS ICMPv6 ping responses | This rule passes ICMPv6 ping responses if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901000 | Auto | RATELIMIT PASS ICMPv6 parameter problem erroneous header | This rule passes ICMPv6 Erroneous Header messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901100 | Auto | RATELIMIT PASS ICMPv6 parameter problem unrecognized next header | This rule passes ICMPv6 Unrecognized Next Header messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901200 | Auto | RATELIMIT PASS ICMPv6 parameter problem unrecognized IPv6 option | This rule passes ICMPv6 Unrecognized IPv6 Option messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901300 | Auto | RATELIMIT PASS ICMPv6 router solicitation | This rule passes ICMPv6 router solicitation packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901400 | Auto | RATELIMIT PASS ICMPv6 router advertisement | This rule passes ICMPv6 router advertisement if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901500 | Auto | RATELIMIT PASS ICMPv6 neighbor solicitation | This rule passes ICMPv6 neighbor solicitation packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901600 | Auto | RATELIMIT PASS ICMPv6 neighbor advertisement | This rule passes ICMPv6 neighbor advertisement if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901700 | Auto | RATELIMIT PASS ICMPv6 inverse neighbor solicitation | This rule passes ICMPv6 inverse neighbor solicitation messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901800 | Auto | RATELIMIT PASS ICMPv6 inverse neighbor advertisement | This rule passes ICMPv6 inverse neighbor advertisement if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130901900 | Auto | RATELIMIT PASS ICMPv6 listener query | This rule passes ICMPv6 listener query messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902000 | Auto | RATELIMIT PASS ICMPv6 listener report | This rule passes ICMPv6 listener report messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902100 | Auto | RATELIMIT PASS ICMPv6 listener done | This rule passes ICMPv6 listener done messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902200 | Auto | RATELIMIT PASS ICMPv6 listener report v2 | This rule passes ICMPv6 listener report v2 messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902300 | Auto | RATELIMIT PASS ICMPV6 multicast router advertisement | This rule passes ICMPv6 multicast router advertisement if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902400 | Auto | RATELIMIT PASS ICMPV6 multicast router solicitation | This rule passes ICMPv6 multicast router solicitation messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902500 | Auto | RATELIMIT PASS ICMPV6 multicast router termination | This rule passes ICMPv6 packets that contain multicast router termination until the traffic hits the rate limit value; it then blocks all subsequent traffic for a user-configurable period of time. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902600 | Auto | RATELIMIT PASS ICMP ping responses | This rule passes ICMP ping responses if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902700 | Auto | RATELIMIT PASS ICMP router advertisement | This rule passes ICMP router advertisement if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902800 | Auto | RATELIMIT PASS ICMP router solicitation | This rule passes ICMP router solicitation messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130902900 | Auto | RATELIMIT PASS ICMP time exceeded | This rule passes ICMP time exceeded messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903000 | Auto | RATELIMIT PASS ICMP parameter problem | This rule passes ICMP parameter problems if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903100 | Auto | RATELIMIT PASS ICMPv6 hop limit exceeded or ICMPv4 network unreachable | This rule passes ICMPv6 Hop Limit Exceeded messages or ICMPv4 Network Unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=30 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903200 | Auto | RATELIMIT PASS ICMPv6 fragment reassembly time exceeded or ICMPv4 host unreachable | This rule passes ICMPv6 fragment reassembly time exceeded messages or ICMPv4 host unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903300 | Auto | RATELIMIT PASS ICMP protocol unreachable | This rule passes ICMP protocol unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903400 | Auto | RATELIMIT ICMP port unreachable | This rule passes ICMP port unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
130903500 | Auto | RATELIMIT PASS ICMP fragmentation needed | This rule passes ICMP fragmentation needed messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled | Packets per second (default=50) Drop Interval (default=10 sec) Rate algorithm (default = rate limiting) Events per second (default=1) | |
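
The per-source behaviour that the RATELIMIT PASS rules describe can be modelled as follows. This is an added example, not the appliance's implementation: the class and function names are hypothetical, the traffic is constructed, and it assumes fixed one-second counting windows and a Drop Interval that starts at the moment a source first exceeds the limit.

```python
from collections import Counter, defaultdict


class PerSourceRateLimit:
    """Model of one RATELIMIT PASS rule: a per-source packet budget plus a drop interval."""

    def __init__(self, packets_per_second=50, drop_interval=10.0):
        self.pps = packets_per_second        # "Packets per second" parameter
        self.drop_interval = drop_interval   # "Drop Interval" parameter, in seconds
        self.window = {}                     # src -> (second, packets seen in that second)
        self.blocked_until = {}              # src -> time at which the block expires

    def decide(self, src, ts):
        """Return "pass" or "drop" for a packet from src at time ts (seconds)."""
        if ts < self.blocked_until.get(src, 0.0):
            return "drop"                    # still inside this source's drop interval
        second = int(ts)
        start, count = self.window.get(src, (second, 0))
        if start != second:                  # new one-second window (assumed fixed windows)
            count = 0
        count += 1
        self.window[src] = (second, count)
        if count > self.pps:
            # Assumption: the drop interval starts when the limit is first exceeded.
            self.blocked_until[src] = ts + self.drop_interval
            return "drop"
        return "pass"


def simulate(rule, packets):
    """Replay (timestamp, source) pairs in time order and tally verdicts per source."""
    tally = defaultdict(Counter)
    for ts, src in sorted(packets):
        tally[src][rule.decide(src, ts)] += 1
    return {src: dict(c) for src, c in tally.items()}


# Constructed traffic (documentation addresses): one noisy source, one well-behaved one.
NOISY, QUIET = "198.51.100.7", "192.0.2.10"
SAMPLE = [(i / 100, NOISY) for i in range(80)]       # 80 pings inside the first second
SAMPLE += [(5.0, NOISY), (10.6, NOISY)]              # one during the block, one after it
SAMPLE += [(float(s), QUIET) for s in range(12)]     # 1 ping per second for 12 s

if __name__ == "__main__":
    for src, verdicts in simulate(PerSourceRateLimit(), SAMPLE).items():
        print(src, verdicts)
```

With the 10-second default, the noisy source's ping at 10.6 s passes again; with a 30-second Drop Interval it is still dropped, while the quiet source is never affected because the block is keyed on source IP.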