Check your EC2 security groups for inbound rules that allow unrestricted access (0.0.0.0/0 or ::/0) over ICMP, and narrow those rules to the IP addresses or ranges that actually need it, in line with the principle of least privilege. Internet Control Message Protocol (ICMP) is the error-reporting and diagnostic protocol of the IP suite; it is typically used to troubleshoot TCP/IP networks, for example when a router reports that it could not deliver an IP packet. ICMP is not a transport protocol and carries no application data, but a host that answers ICMP from anywhere on the internet is easy to discover with a ping sweep and can be drawn into flood or reflection traffic, so an open ICMP rule still widens the attack surface.
This rule is part of the Cloud Conformity Security & Compliance tool for AWS and supports work with the AWS Well-Architected Framework.
Allowing unrestricted ICMP access increases the opportunities for malicious activity: every instance behind the group answers echo requests from any source, which makes the fleet trivial to enumerate, and the instances can be targeted by or drawn into denial-of-service (DoS) traffic such as ICMP floods and Smurf-style amplification. (Fraggle, often listed alongside Smurf, is the UDP-based variant and is not affected by ICMP rules.)
Audit
To determine if your EC2 security groups allow unrestricted ICMP access, perform the following:
Remediation / Resolution
To update the inbound (ingress) configuration of your security groups so that ICMP is accepted only from specific sources (IP addresses, CIDR ranges or other security groups), perform the following. Two points to keep in mind while tightening the rule: security groups are stateful, so replies to ICMP traffic that the instance itself originates are still allowed inbound; and dropping every inbound ICMP message can break Path MTU Discovery and black-hole traffic over paths with a smaller MTU, so consider keeping an inbound rule for ICMP type 3 code 4 (Destination Unreachable: Fragmentation Needed).
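Both the audit and the remediation can be scripted around the CLI calls listed under References. The following Python is an added example, not Cloud Conformity's own audit or remediation steps and not AWS code: it parses the JSON that `aws ec2 describe-security-groups --output json` produces, flags every `icmp`, `icmpv6` or all-traffic (`-1`) inbound rule whose source is 0.0.0.0/0 or ::/0, and builds the `revoke-security-group-ingress` / `authorize-security-group-ingress` commands that replace each open rule with the same ICMP type/code scoped to a trusted range. The embedded security groups, group IDs, CIDRs and the "trusted ICMP source" description are constructed placeholders.

```python
"""Find EC2 security groups with inbound ICMP open to the world and build the
AWS CLI commands that replace each open rule with a narrowly scoped one.

Added example; not part of the original Cloud Conformity page or its tooling.
Runs offline on a constructed describe-security-groups document. On a real
account, feed it the output of:  aws ec2 describe-security-groups --output json
"""
import ipaddress
import json

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"
# "-1" is the security-group "all traffic" protocol; it carries ICMP as well.
ICMP_PROTOCOLS = {"icmp", "icmpv6", "-1"}

# Constructed sample (assumption, not real account data). "web-tier" exposes
# all ICMP to the IPv4 internet; "bastion" allows echo requests (type 8) from
# one trusted range, which is fine, but leaves ICMPv6 open to ::/0.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0123456789abcdef0", "GroupName": "web-tier",
         "IpPermissions": [
             {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
        {"GroupId": "sg-0fedcba9876543210", "GroupName": "bastion",
         "IpPermissions": [
             {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
              "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "corp NAT"}],
              "Ipv6Ranges": [], "UserIdGroupPairs": []},
             {"IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1,
              "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
    ]
})


def find_open_icmp(describe_json):
    """Return one (group_id, protocol, icmp_type, icmp_code, cidr) tuple per
    inbound rule that exposes ICMP to 0.0.0.0/0 or ::/0.

    In security-group JSON an ICMP rule stores the ICMP type in FromPort and
    the code in ToPort, with -1 meaning "all"; an all-traffic rule has no ports.
    """
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] not in ICMP_PROTOCOLS:
                continue
            open_cidrs = [r["CidrIp"] for r in perm.get("IpRanges", []) if r["CidrIp"] == ANY_V4]
            open_cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == ANY_V6]
            for cidr in open_cidrs:
                findings.append((sg["GroupId"], perm["IpProtocol"],
                                 perm.get("FromPort", -1), perm.get("ToPort", -1), cidr))
    return findings


def build_ip_permission(protocol, icmp_type, icmp_code, cidr, description=None):
    """Build the IpPermissions entry that the CLI's --ip-permissions flag expects."""
    perm = {"IpProtocol": protocol}
    if protocol != "-1":  # all-traffic rules carry no type/code
        perm["FromPort"], perm["ToPort"] = icmp_type, icmp_code
    entry = {"CidrIpv6": cidr} if ":" in cidr else {"CidrIp": cidr}
    if description:
        entry["Description"] = description
    perm["Ipv6Ranges" if ":" in cidr else "IpRanges"] = [entry]
    return perm


def remediation_commands(finding, allowed_cidr, description="trusted ICMP source"):
    """Return the revoke + authorize CLI commands that replace one open rule
    with the same ICMP type/code restricted to allowed_cidr."""
    group_id, protocol, icmp_type, icmp_code, open_cidr = finding
    allowed = ipaddress.ip_network(allowed_cidr, strict=False)
    if allowed.prefixlen == 0:  # refuse to "fix" an open rule with another open one
        raise ValueError("replacement CIDR is itself unrestricted: " + allowed_cidr)
    if allowed.version != ipaddress.ip_network(open_cidr).version:
        raise ValueError("replacement CIDR must match the address family of " + open_cidr)
    revoke = build_ip_permission(protocol, icmp_type, icmp_code, open_cidr)
    allow = build_ip_permission(protocol, icmp_type, icmp_code, allowed_cidr, description)

    def compact(perm):  # single-line JSON so it survives shell quoting
        return json.dumps([perm], separators=(",", ":"))

    return [
        f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
        f"--ip-permissions '{compact(revoke)}'",
        f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
        f"--ip-permissions '{compact(allow)}'",
    ]


if __name__ == "__main__":
    for finding in find_open_icmp(SAMPLE_DESCRIBE_OUTPUT):
        print("FINDING:", finding)
        # Placeholder trusted ranges (documentation prefixes), chosen by family.
        trusted = "2001:db8::/32" if ":" in finding[4] else "203.0.113.0/24"
        for cmd in remediation_commands(finding, trusted):
            print("  ", cmd)
```

Review the printed commands before running them. A finding whose IpProtocol is `-1` admits all traffic, so revoking that rule removes far more than ICMP; split it into explicit per-protocol rules by hand rather than reissuing an all-traffic rule from a narrower range. If the instances rely on Path MTU Discovery, keep type 3 code 4 reachable when you narrow the rule.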
References
- AWS Documentation
  - Amazon EC2 Security Groups for Linux Instances
  - Security Groups for Your VPC
  - Authorizing Inbound Traffic for Your Linux Instances
- AWS Command Line Interface (CLI) Documentation
  - ec2
  - describe-security-groups
  - revoke-security-group-ingress
  - authorize-security-group-ingress
Rule: Unrestricted ICMP Access
Risk level: Medium