What is an ICMP redirect message?

An ICMP redirect message is an out-of-band message that is designed to inform a host of a more optimal route through a network, but possibly used maliciously for attacks that redirect traffic to a specific system. In this type of an attack, the hacker, posing as a router, sends an Internet Control Message Protocol (ICMP) redirect message to a host, which indicates that all future traffic must be directed to a specific system as the more optimal route for the destination. You can set up IDS to notify you when these ICMP redirect messages occur or to ignore them.

ICMP redirect packets are ignored if IPCONFIG IGNOREREDIRECT is specified in the TCP/IP profile, you are using OMPROUTE and you have IPv4 interfaces configured to OMPROUTE, or IDS policy is active for ICMP redirect attacks and the associated policy action requests that the packet be discarded.

ICMPv6 redirect packets are ignored if IPCONFIG6 IGNOREREDIRECT is specified in the TCP/IP profile, you are using OMPROUTE and you have IPv6 interfaces configured to OMPROUTE, or IDS policy is active for ICMP redirect attacks and the associated policy action requests that the packet be discarded.