The ICMP protocol is fundamental part of the TCP/IP protocol suite, and is
used mainly for reporting network error conditions. However, the current
IETF specifications do not recommend any kind of security checks on the
received ICMP error messages, thus leaving the door open to a variety of
attacks. ICMP can be used to perform a number of attacks against the TCP
protocol, which include blind connection-reset and blind
Fernando will introduce the attacks that can be performed against TCP by
means of ICMP, and will discuss the possible counter-measures against them.
Of particular interest will be a discussion of a counter-measure for the
attack against the Path-MTU discovery mechanism, and a discussion of
advanced packet filtering policies that could be used to mitigate the
impact of these attacks.
speaker: Fernando Gont
location: SITE G0103