Prerequisites
This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send arbitrary sized ICMP packets to the target.
Mitigations
This attack may be mitigated through egress filtering based on ICMP payload so a network is a "good neighbor" to other networks. Bad IP implementations become patched, so using the proper version of a browser or OS is recommended.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-770 |
Allocation of Resources Without Limits or Throttling The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. |
CWE-404 |
Improper Resource Shutdown or Release The product does not release or incorrectly releases a resource before it is made available for re-use. |
References
REF-425
ICMP Attacks Illustrated
http://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477?show=icmp-attacks-illustrated-477&cat=threats
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |