SmartThings Community

Network Security: A guide to securing your IoT home

security

(Paul Stewart) #41

Not remotely true … someone who is doing a proper port scan doesn’t ping you first. Blocking ICMP can break other things down the road as well (IPv6 for example).


#42

You are responding to a post which is over a year old, and @slagle now has a new handle, but the vector described is exactly the one used in a “ping flood attack,” which also happens to be one of the most frequent vulnerabilities for IOT systems.

Disabling ICMP as was suggested is indeed One of the standard options for shutting down these attacks, and it can still be a useful approach in an emergency situation.

How is a Ping flood attack mitigated?
.
Disabling a ping flood is most easily accomplished by disabling the ICMP functionality of the targeted router, computer or other device. A network administrator can access the administrative interface of the device and disable its ability to send and receive any requests using the ICMP, effectively eliminating both the processing of the request and the Echo Reply. The consequence of this is that all network activities that involve ICMP are disabled, making the device unresponsive to ping requests, traceroute requests, and other network activities.

However, as you noted, this isn’t really a good preventative measure because it shuts down a lot of other necessary network traffic.

So for a largescale critical system, these days best practices is probably adding a secondary layer to handle the requests With a variety of fallover options should a ping flood attack occur.

I agree the consequences need to be considered, and that’s a very important point not discussed in the original post. But it is also true that there are attacks which involve not just an initial ping, but a flood of repeated pings.

Submitted with respect.


(Paul Stewart) #43

Thanks - didn’t realize it was this old a thread … was actually looking for TFA for Smartthings when I stumbled across this thread (and got the info I needed for TFA - just had to look in right place).

Yeah, I was quick to jump on this thread … every day I see people having problems with various areas of networks and it’s often because they blocked all of ICMP and don’t understand the different types inside of ICMP. There are some things in ICMP that should always be blocked and some that are useful and even required in order for networks to function properly (varies of course). That being said, I don’t believe any IOT device should ever be on a public IP address - it should always be behind a stateful inspection firewall of some form. Assuming that is always the case (not a good assumption lol) then ping floods and stuff like that shouldn’t be a possible attack vector in the first place. :slight_smile:


(RH) #44

Japanese solution. https://youtu.be/YATSqJuJAMY