ICMP Redirects
Today I wanted to share my CCIE Security notes on ICMP redirect messages. ICMP redirection is used to notify hosts that a better route is available for packets destined for a specific destination. This feature is available and enabled by default on all Cisco IOS releases, but it is worth mentioning that there may be cases when ICMP redirection is disabled.

Before diving into the details, it is important to note that ICMP redirection is disabled on interfaces that are running HSRP; this is the case for devices running pre-IOS 12.1(3) code. Cisco devices running post-12.1(3) code can still send ICMP redirect messages when HSRP is enabled on an interface.

Certain conditions need to be met in order for ICMP redirection to occur. These are as follows:

- The router interface on which the packet arrives must be the same interface that the packet is re-routed out of; we will discuss this further later in this post.
- The packet is not source-routed; by this we mean the sender has not specified...
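
The two conditions listed above (same arrival and exit interface, packet not source-routed) can be modelled as below. This is an added example, not code from the original post or from Cisco IOS, and it covers only those two conditions. The route table, interface names and addresses are constructed, and "source-routed" is assumed to mean the IPv4 LSRR/SSRR options of RFC 791.

```python
import ipaddress
import struct

SOURCE_ROUTE_OPTIONS = {131, 137}  # LSRR and SSRR option types (RFC 791)

def is_source_routed(ip_header: bytes) -> bool:
    """Walk the IPv4 options area looking for LSRR or SSRR."""
    ihl = (ip_header[0] & 0x0F) * 4
    if ihl < 20 or len(ip_header) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    options, i = ip_header[20:ihl], 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            raise ValueError("malformed IPv4 option")
        if opt in SOURCE_ROUTE_OPTIONS:
            return True
        i += options[i + 1]               # skip by the option's length byte
    return False

def egress_interface(routes, dst):
    """Longest-prefix match over (prefix, interface) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    hits = [(n.prefixlen, ifc) for n, ifc in nets if addr in n]
    return max(hits)[1] if hits else None

def redirect_candidate(routes, ingress, ip_header):
    """True when the packet leaves via its arrival interface and is not source-routed."""
    dst = str(ipaddress.ip_address(ip_header[16:20]))
    return egress_interface(routes, dst) == ingress and not is_source_routed(ip_header)

def build_header(src, dst, options=b""):
    """Constructed sample IPv4 header; checksum left at zero (unused here)."""
    options += b"\x00" * (-len(options) % 4)          # pad options to 32 bits
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

# Constructed routing table and interface names (assumptions for the example)
ROUTES = [("0.0.0.0/0", "Gi0/1"), ("10.1.1.0/24", "Gi0/0"), ("192.168.50.0/24", "Gi0/0")]
LSRR = b"\x83\x07\x04" + ipaddress.ip_address("10.1.1.254").packed  # constructed option
```

A host at 10.1.1.10 arriving on Gi0/0 and sending to 192.168.50.5 satisfies both conditions here; the same packet carrying the LSRR option, or one that follows the default route out of Gi0/1, does not.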