ICMP (Internet Control Message Protocol)
What is ICMP?
ICMP is a network layer protocol utilized by network devices to diagnose communication problems. ICMP is mainly used to determine whether data is reaching its intended destination promptly. In addition, network devices, such as routers, use the ICMP protocol for error reporting when network problems prevent the delivery of data packets.
Hackers also found a way to use ICMP messages maliciously, such as ping of death (PoD) attacks, Smurf attacks, and ping flood attacks. While few networks are vulnerable to PoD and Smurf attacks today, most systems are still affected by ping flood attacks.
- In the world of NXLog
In corporate networks, ICMP traffic commonly indicates ping requests, and a certain amount of ICMP traffic is usually expected. However, a sharp increase in ICMP traffic during a short period usually points to malicious activity. Therefore, ICMP traffic is worth monitoring.
- Known as
ICMP, ICMP protocol, Internet Control Message Protocol