The ICMP protocol is fundamental part of the TCP/IP protocol suite, and is used mainly for reporting network error conditions. However, the current IETF specifications do not recommend any kind of security checks on the received ICMP error messages, thus leaving the door open to a variety of attacks. ICMP can be used to perform a number of attacks against the TCP protocol, which include blind connection-reset and blind throughput-reduction attacks.

Fernando will introduce the attacks that can be performed against TCP by means of ICMP, and will discuss the possible counter-measures against them. Of particular interest will be a discussion of a counter-measure for the attack against the Path-MTU discovery mechanism, and a discussion of advanced packet filtering policies that could be used to mitigate the impact of these attacks.

speaker: Fernando Gont

location: SITE G0103