Overview
Following security findings, Zerto blocks ICMP redirection starting with version 10.0.7.
ICMP Redirect messages are a feature of the Internet Control Message Protocol (ICMP) that routers use to inform hosts about more efficient routes for sending packets to a destination.
When a host sends a packet to its default gateway, and the gateway knows of a better next-hop router on the same network segment, it sends an ICMP Redirect message to the host. This message tells the host to update its routing table and send future packets directly to the more optimal router, reducing unnecessary hops and optimizing network traffic.
Security risks
- Network Reconnaissance: Attackers can use ICMP to discover active hosts and map network topology.
- Denial of Service (DoS/DDoS): ICMP flood, ping flood, and smurf attacks can overwhelm systems or networks, causing service disruptions.
- Ping of Death: Sending oversized or malformed ICMP packets can crash or destabilize vulnerable systems.
- ICMP Redirect Attacks: Forged ICMP redirect messages can alter routing tables, enabling man-in-the-middle attacks or traffic interception.
- Lack of Authentication: ICMP messages are unauthenticated, allowing attackers to forge packets for various exploits.
- ICMP Tunneling: Attackers may encapsulate data within ICMP packets to bypass firewalls and exfiltrate data unnoticed.
- Information Disclosure: ICMP error messages can reveal internal network structure or device details to attackers.
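To make the redirect mechanism and the forged-redirect risk above concrete, the following added example (not Zerto's code and not part of the original article) parses an ICMP Redirect message as laid out in RFC 792 and applies the two discard rules RFC 1122 recommends for hosts. The function names, addresses and sample bytes are constructed for illustration.

```python
import ipaddress

# Constructed sample: ICMP Redirect (type 5, code 1) naming 192.0.2.5 as the new
# gateway, followed by the IP header + 8 bytes of the datagram that triggered it
# (192.0.2.10 -> 198.51.100.7). Checksums are zero; this example does not verify them.
SAMPLE = bytes.fromhex(
    "05010000c0000205"                            # type, code, checksum, gateway
    "4500001c0000000040110000c000020ac6336407"    # original IPv4 header
    "0000000000000000"                            # first 8 bytes of original payload
)

def parse_redirect(icmp: bytes):
    """Return the fields of an ICMP Redirect (RFC 792), or None if it is not one."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 5 or icmp[1] > 3:
        return None
    inner = icmp[8:]
    if inner[0] >> 4 != 4:                        # embedded header must be IPv4
        return None
    return {
        "code": icmp[1],
        "gateway": ipaddress.IPv4Address(icmp[4:8]),
        "orig_dst": ipaddress.IPv4Address(inner[16:20]),
    }

def check_redirect(icmp, sender, on_link_net, current_gateway):
    """Apply the RFC 1122 (section 3.2.2.2) discard rules; return (accept, reason)."""
    r = parse_redirect(icmp)
    if r is None:
        return False, "not a well-formed ICMP Redirect"
    if ipaddress.IPv4Address(sender) != ipaddress.IPv4Address(current_gateway):
        return False, "sender is not the current first-hop gateway"
    if r["gateway"] not in ipaddress.ip_network(on_link_net):
        return False, "new gateway is not on the connected network"
    return True, f"route {r['orig_dst']} via {r['gateway']}"

if __name__ == "__main__":
    cases = [("192.0.2.1", "192.0.2.0/24"),       # from the real gateway, on-link
             ("192.0.2.99", "192.0.2.0/24"),      # from some other host
             ("192.0.2.1", "192.0.2.0/30")]       # new gateway outside the subnet
    for sender, net in cases:
        print(sender, net, check_redirect(SAMPLE, sender, net, "192.0.2.1"))
```

Passing both checks does not authenticate the message, because ICMP carries no authentication and the sender address being checked comes from the same packet; that is the reason for blocking redirects outright.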
Steps
Blocking ICMP redirection was done to harden the ZVMA against security vulnerabilities. Re-enabling ICMP will leave the ZVMA less secure.
- If manually re-enabled, the setting will not persist across an upgrade.
- In a future version, this will be added as an option in the appliance manager.
If you choose to re-enable ICMP, you accept the risks associated with its use, including as outlined in this notice, and HPE / Zerto / Assurestor disclaims all liability resulting from your use of ICMP. Please contact Assurestor Support if you require any further information or assistance.