Configuring ICMP Redirect Packet Attack Defense

In an ICMP redirect packet attack, an attacker sends forged redirect packets to the hosts on another network to change the routing tables of the hosts and interfere with normal IP packet sending on the hosts.

Context

A network device sends an ICMP redirect packet to hosts on its own subnet to request that they change a route. Normally, a device sends ICMP redirect packets only to hosts on the same subnet. An attacker, however, may send forged redirect packets to hosts on another network to change the routing tables of those hosts and interfere with normal IP packet forwarding on them.

After ICMP redirect packet attack defense is enabled, the FW discards ICMP redirect packets and logs attacks.
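
The discard-and-log behaviour described above, sketched as an added example (not Huawei's implementation and not code from this page): it parses an IPv4 packet, drops ICMP type 5 (redirect) and returns the fields a defender would want logged. The function names, the record layout and the sample packets are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type 5 (RFC 792); codes 0-3 select net/host/ToS variants

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def inspect(packet: bytes):
    """Return ("drop", log_record) for an ICMP redirect, else ("pass", None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return "pass", None                      # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    icmp = packet[ihl:total_len]
    if ihl < 20 or frag & 0x1FFF or len(icmp) < 8 or icmp[0] != ICMP_REDIRECT:
        return "pass", None                      # later fragment, truncated, or other ICMP type
    record = {"src": ip(packet[12:16]), "dst": ip(packet[16:20]), "code": icmp[1],
              "new_gateway": ip(icmp[4:8]),      # router the sender wants the host to use
              "checksum_ok": checksum(icmp) == 0}
    if len(icmp) >= 28:                          # embedded header of the datagram being redirected
        record["redirected_dst"] = ip(icmp[24:28])
    return "drop", record

def build(src: str, dst: str, icmp_type: int, code: int, rest: bytes, data: bytes) -> bytes:
    """Construct a sample IPv4+ICMP packet (test input only)."""
    body = bytes([icmp_type, code]) + b"\x00\x00" + rest + data
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + body

# Constructed samples (documentation address ranges, RFC 5737)
GATEWAY = ipaddress.IPv4Address("198.51.100.66").packed
INNER = build("192.0.2.10", "203.0.113.7", 8, 0, b"\x00\x01\x00\x01", b"")[:28]
REDIRECT = build("198.51.100.66", "192.0.2.10", ICMP_REDIRECT, 1, GATEWAY, INNER)
ECHO = build("192.0.2.10", "203.0.113.7", 8, 0, b"\x00\x01\x00\x01", b"ping")

if __name__ == "__main__":
    for name, pkt in (("redirect", REDIRECT), ("echo", ECHO)):
        print(name, inspect(pkt))
```

The `new_gateway` and `redirected_dst` fields in the record show which route the sender tried to change, which is the detail worth keeping when reviewing attack logs.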

Procedure

  1. In the user view, access the system view.

    system-view

  2. Enable ICMP redirect packet attack defense.

    firewall defend icmp-redirect enable

Copyright © Huawei Technologies Co., Ltd.