ICMP Data Exfiltration?

Hello, I noticed lately on my IPFire that ICMP packets were passing through the firewall to hit the inside green zone despite all the security in place. Yesterday I saw this video on YouTube showing the security flaw of ICMP. That is why I would like to be able to deactivate ICMP on the red interface. Have a look at this video: "ICMP Data Exfiltration - USB Rubber Ducky/Exfiltration [PAYLOAD MINUTE]" on the Hak5 channel. Here is the link

If you do a search on the forum, you will find information on the topic of disabling ping.

1 Like

Yes, thanks, I did. But it would be nice if IPFire had a “button” in the web GUI interface for doing that. All routers and firewalls I have worked with have that option.

Data Exfiltration is the sending of data collected by malware in a LAN network to the criminals' C&C (Command and Control) server.
The data goes from the LAN network out to the C&C servers on the internet. It can use ICMP, HTTP, HTTPS, DNS… to hide the type of data being sent out.

If Data Exfiltration is occurring on a network, then one or more of the systems on the LAN network are infected with malware which is trying to call home to the C&C servers.

Making sure that the

Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.)

option in the IPFire Firewall Options menu is enabled is a good protection in case a user has become infected by clicking on a bad link in an email etc.

Hostile Networks include those used by criminals as C&C servers, and enabling this option will block both incoming and outgoing traffic to those IPs irrespective of the protocol being used.

4 Likes
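As an added example (not from this thread or from IPFire), here is a small Python scorer that parses ICMP echo messages and flags payloads that do not look like an ordinary ping, which is one way a packet capture or IDS rule can surface the tunnelled data the posts above describe. The size and fill-pattern thresholds, the helper names and the sample packets are all assumed values constructed for the demo.

```python
import struct

# Assumed thresholds (not from the thread): a payload bigger than a normal ping,
# or one that does not look like a ping fill pattern, is flagged for review.
MAX_BENIGN_PAYLOAD = 64
MIN_FILL_FRACTION = 0.5

def icmp_checksum(data: bytes) -> int:
    """RFC 792 one's-complement checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed test traffic: ICMP type 8 (echo request) with a valid checksum."""
    csum = icmp_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def fill_fraction(payload: bytes) -> float:
    """Share of adjacent bytes stepping by +1, as ping fills (0x10,0x11,... / 'abcd...') do."""
    if len(payload) < 2:
        return 1.0
    steps = sum(1 for a, b in zip(payload, payload[1:]) if (b - a) % 256 == 1)
    return steps / (len(payload) - 1)

def suspicious_reasons(msg: bytes) -> list:
    """Reasons an ICMP echo message looks like a data carrier (empty list = benign)."""
    icmp_type, _code, _csum, _ident, _seq = struct.unpack("!BBHHH", msg[:8])
    payload = msg[8:]
    if icmp_type not in (0, 8):          # only echo request/reply are scored here
        return []
    reasons = []
    if len(payload) > MAX_BENIGN_PAYLOAD:
        reasons.append("oversized payload (%d bytes)" % len(payload))
    if fill_fraction(payload) < MIN_FILL_FRACTION:
        reasons.append("payload is not a ping fill pattern")
    return reasons

# Constructed samples: two ordinary pings, then a base64 file chunk and a 1 KiB blob.
SAMPLES = {
    "linux_ping": build_echo_request(0x1234, 1, bytes(8) + bytes(range(0x10, 0x38))),
    "windows_ping": build_echo_request(1, 7, b"abcdefghijklmnopqrstuvwabcdefghi"),
    "exfil_b64": build_echo_request(0x1234, 2, b"U2VjcmV0IGZpbGUgY29udGVudHMgaGVyZQ=="),
    "exfil_big": build_echo_request(0x1234, 3, bytes(range(256)) * 4),
}

def scan(samples: dict) -> dict:
    return {name: suspicious_reasons(msg) for name, msg in samples.items()}
```

Only the last two samples come back with reasons; the Spamhaus DROP option discussed above blocks the destination regardless, while a check like this tells you which inside host is doing the talking.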

Then those ICMP packets are not related to data exfiltration to a C&C server.

Also, you are mentioning the packets coming into the network from the internet. Data Exfiltration is where ICMP packets (or HTTP, HTTPS, DNS etc.) are used to hide the data being sent out from your Green Network by the malware to its C&C Server.

2 Likes