Abstract
This paper presents a systematic solution to the problem of using ICMP tunneling for covert channel. ICMP is not multiplexed via port numbers and the data part of the ICMP packet provides considerable bandwidth for malicious covert channels. These factors make it an integral part of many malicious software like remote access and denial of service attack tools. These tools use ICMP to establish covert communication channels. In this paper a stateless model is proposed to prevent ICMP tunneling. A Linux kernel module was implemented to demonstrate the proposed stateless solution. The module enforces a fixed payload policy for ICMP packets and virtually eliminates ICMP tunneling which arises due to the data carrying capability of ICMP. The performance impact on end hosts and routers due to the stateless monitoring model is described. © 2003 Springer-Verlag Berlin Heidelberg.
Cite
CITATION STYLE
Singh, A., Nordström, O., Lu, C., & Dos Santos, A. L. M. (2003). Malicious ICMP tunneling: Defense against the vulnerability. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2727 LNCS, pp. 226–236). https://doi.org/10.1007/3-540-45067-X_20
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
