CVE-1999-0214

Step 1: Target Identification: The attacker identifies the target IP address and potentially open ports on the target system.

Step 2: Packet Crafting: The attacker crafts malicious ICMP Unreachable packets. These packets typically spoof the source IP address of a legitimate host that the target is communicating with.

Step 3: Packet Injection: The attacker injects the crafted ICMP Unreachable packets into the network, targeting the victim.

Step 4: Target Processing: The target system receives the forged ICMP Unreachable packets. The network stack processes these packets, potentially leading to the premature termination of connections or the updating of routing tables.

Step 5: Denial of Service: The target system's network connectivity is disrupted, leading to a DoS condition. Legitimate traffic may be dropped or rerouted incorrectly.

The vulnerability stems from the network stack's insufficient validation of incoming ICMP error messages, specifically those indicating a host or network is unreachable. By crafting and injecting forged ICMP Unreachable packets, an attacker can trick a target system into prematurely closing connections or rerouting traffic, effectively causing a DoS. The root cause lies in the lack of proper source verification and rate limiting of ICMP packets, allowing an attacker to flood the target with malicious messages and exhaust its resources.