Router firewall ICMP risks and threats?


  1. Posts : 63
    Windows 10 home
       #1

    Router firewall ICMP risks and threats?


    Hello everyone

    I have found out, that my Router firewall has never blocked ICMP traffic.

    There is a lot of opinions online regarding ICMP, and whether it should be disabled or limited.

    So far I have found out, that it can exploited to monitor network traffic / I/O traffic (man-in-the-middle).
    It can also be exploited to carry and infect a PC system with malware.

    My questions / worries are:

    1.
    If someone monitored my network traffic using ICMP, would HTTPS traffic then still be encrypted / unreadable?

    2.
    Would my Windows Defender firewall block an attack / attempted malware infection via ICMP?

    3.
    Would Malwarebytes (example) scan detect, if my PC system had been infected by malware via ICMP?

    4. Are there other ways someone can access my PC system using ICMP, besides via malware infection?

    Thanks in advance for your answers
    And happy weekend!

    Best regards
      My Computer


  2. Posts : 5,442
    Windows 11 Home
       #2

    EmilDK said:
    1. If someone monitored my network traffic using ICMP, would HTTPS traffic then still be encrypted / unreadable?
    Yes, ICMP alone can pose some privacy risks, but without an actual infection, it is harmless.

    EmilDK said:
    2. Would my Windows Defender firewall block an attack / attempted malware infection via ICMP?
    3. Would Malwarebytes (example) scan detect, if my PC system had been infected by malware via ICMP?
    Probably, that goes for any malware.

    EmilDK said:
    4. Are there other ways someone can access my PC system using ICMP, besides via malware infection?
    No. ICMP would need a translator, an infected PC, in order to establish a meaningful connection.

    New Windows 'Pingback' malware uses ICMP for covert communication
      My Computer


  3. Posts : 63
    Windows 10 home
    Thread Starter
       #3

    TairikuOkami said:
    Yes, ICMP alone can pose some privacy risks, but without an actual infection, it is harmless.


    Probably, that goes for any malware.


    No. ICMP would need a translator, an infected PC, in order to establish a meaningful connection.

    New Windows 'Pingback' malware uses ICMP for covert communication
    Thank for you your reply

    My "knowledge" and concerns came after reading this:
    ICMP Attacks - Infosec Resources

    And the link / article regarding using ICMP and malware:
    New Windows 'Pingback' malware uses ICMP for covert communication

    If you took a look at the link (above), are your answers then still the same?
    Last edited by EmilDK; 07 May 2021 at 17:48.
      My Computer


  4. Posts : 5,442
    Windows 11 Home
       #4

    Unless you are a network administrator, I would not be concerned about it. If you are under a targeted attack, there is nothing you can do to stop it. ICMP is used mostly to compromise enterprises not common users, because it is too complex to implement and to maintain, it is much easier for them to just use lolbins.
      My Computer


  5. Posts : 63
    Windows 10 home
    Thread Starter
       #5

    TairikuOkami said:
    Unless you are a network administrator, I would not be concerned about it. If you are under a targeted attack, there is nothing you can do to stop it. ICMP is used mostly to compromise enterprises not common users, because it is too complex to implement and to maintain, it is much easier for them to just use lolbins.
    I am not a network admin
    I am quite certain, that I am not under attack
    And, I am not any high profile person or "valuable" target

    Just asking questions to learn and dampen my concerns

    - - - Updated - - -

    TairikuOkami said:
    Unless you are a network administrator, I would not be concerned about it. If you are under a targeted attack, there is nothing you can do to stop it. ICMP is used mostly to compromise enterprises not common users, because it is too complex to implement and to maintain, it is much easier for them to just use lolbins.
    So ICMP can't be used to infect a system, only transfer data after the infection?
      My Computer


  6. Posts : 5,442
    Windows 11 Home
       #6

    EmilDK said:
    So ICMP can't be used to infect a system, only transfer data after the infection?
    Honestly, I can not tell, all those tech articles are very vague, but some mentions that "a translator" has to be present to implement those ICMP packets, just like the current threat pingback.

    I always try to find detailed info, malware does not magically infect your computer when clicking on a click, there are scripts and powershell involved, get rid of those and system will be 99% malware free. Even ICMP can use scripting, so just by disabling WSH (not used by people anyway), you can prevent some of it for sure.

    I myself block all windows processes in/out, ping and tracert included, so this would not affect me.
    By the way process hacker can detect it, no need for elaborate scripts, unless you need to log it.
    Attached Thumbnails Attached Thumbnails Router firewall ICMP risks and threats?-capture_05082021_122857.jpg  
      My Computer


  7. Posts : 63
    Windows 10 home
    Thread Starter
       #7

    TairikuOkami said:
    Honestly, I can not tell, all those tech articles are very vague, but some mentions that "a translator" has to be present to implement those ICMP packets, just like the current threat pingback.
    .
    "Translator" = That the system is already compromised / infected?
      My Computer


  8. Posts : 5,442
    Windows 11 Home
       #8

    EmilDK said:
    "Translator" = That the system is already compromised / infected?
    Yes, because ICMP packets are just that, a hacker needs a system in place, that can interpret sent data.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:45.
Find Us




Windows 10 Forums