By default, the Solaris Operating Environment is configured to both accept and send ICMP Redirect messages. According to the RFCs, only a router or gateway device should send ICMP Redirect messages; any other host should only be able to receive them. If the Solaris server is not acting as a router or gateway, sending ICMP Redirect messages should be disabled. The same applies to accepting ICMP Redirect messages if the Solaris server is not required to receive them (say, in a network or subnet with a single router/gateway), as a malicious hacker could send fake ICMP Redirect messages to modify the routing table on the host and potentially cause a Denial of Service attack.
Tag: icmp-redirect
Disable ICMP Redirects in Windows (2000, XP, 2003)
An ICMP Redirect is a type 5 ICMP error message sent by a gateway router to a sending host. It informs the host of an optimal alternate route to the destination host and tells it to update its routing table with the new host route to that destination.
ICMP Redirects, being an inefficient way to update a host's routing table with an optimal route to a target destination, can cause security issues. A malicious hacker with little knowledge about the network can launch a Denial of Service (DoS) attack on a host on the network.
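
For hosts that must keep accepting redirects, the type 5 message described above can be parsed and checked against the known gateway before it is trusted. The following Python sketch is an added example, not code from the original posts; the function names, the gateway list and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def parse_redirect(packet):
    """Return the fields of an ICMP Redirect carried in an IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                      # not IPv4, or protocol is not ICMP
    ihl = (packet[0] & 0x0F) * 4         # outer header length in bytes
    icmp = packet[ihl:]
    if ihl < 20 or len(icmp) < 8 or icmp[0] != 5:
        return None                      # truncated, or not ICMP type 5
    inner = icmp[8:]                     # header of the datagram that triggered it
    return {
        "sender": ipaddress.IPv4Address(packet[12:16]),
        "code": CODES.get(icmp[1], "unknown"),
        "new_gateway": ipaddress.IPv4Address(icmp[4:8]),
        "redirected_dst": ipaddress.IPv4Address(inner[16:20]) if len(inner) >= 20 else None,
    }

def assess(packet, gateways, local_net):
    """Return (fields, reasons); a non-empty reasons list marks a suspect redirect."""
    info = parse_redirect(packet)
    if info is None:
        return None, []
    reasons = []
    if info["sender"] not in gateways:
        reasons.append("sender is not a configured gateway")
    if info["new_gateway"] not in local_net:
        reasons.append("new gateway is not on the local subnet")
    return info, reasons

def build_sample(sender, host, new_gw, dst):
    """Construct a test redirect (checksums left at zero; the parser ignores them)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = "!BBHHHBBH4s4s"
    inner = struct.pack(hdr, 0x45, 0, 28, 0, 0, 64, 17, 0, ip(host), ip(dst)) + bytes(8)
    icmp = struct.pack("!BBH4s", 5, 1, 0, ip(new_gw)) + inner
    return struct.pack(hdr, 0x45, 0, 20 + len(icmp), 0, 0, 255, 1, 0, ip(sender), ip(host)) + icmp

# Constructed environment: one gateway, documentation-range addresses.
GATEWAYS = {ipaddress.IPv4Address("192.0.2.1")}
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

if __name__ == "__main__":
    for sender, new_gw in [("192.0.2.1", "192.0.2.254"), ("192.0.2.66", "192.0.2.66"),
                           ("192.0.2.1", "203.0.113.9")]:
        info, why = assess(build_sample(sender, "192.0.2.10", new_gw, "198.51.100.7"), GATEWAYS, LOCAL_NET)
        print(sender, "->", info["new_gateway"], "|", "; ".join(why) or "consistent with policy")
```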