Malicious ICMP Tunneling: Defense against the Vulnerability

Singh, Abhishek; Nordstrom, O.; Lu, Chenghuai; Santos, Andre L. M. dos

doi:10.1007/3-540-45067-x_20

Cited by 25 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many of the channels described earlier can be eliminated by normalising protocol headers, padding and extensions as described by Malan et al [101], Handley et al [102] and Fisk et al [4] in general, or more specifically for the IPv6 protocol by Lucena et al [37] and ICMP tunneling by Singh [103]. Traffic normalisation can be performed by end hosts or by network devices such as firewalls or proxies.…”

Section: Traffic Normalizationmentioning

confidence: 99%

A survey of covert channels and countermeasures in computer network protocols

Zander

Armitage

Branch

2007

IEEE Commun. Surv. Tutorials

469

370

View full text Add to dashboard Cite

Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorised parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. This article is a survey of the existing techniques for creating covert channels in widely deployed network and application protocols. We also give an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks.

show abstract

Section: Traffic Normalizationmentioning

confidence: 99%

A survey of covert channels and countermeasures in computer network protocols

Zander

Armitage

Branch

2007

IEEE Commun. Surv. Tutorials

469

370

View full text Add to dashboard Cite

show abstract

“…If active attackers can manipulate the network traffic by RST attacks [22] or by using the ICMP traffic method [23], or by controlling the local DNS server, they could launch an privacy reduction attack against our random noise based range query protocol. The method of the active privacy reduction attack is based on dropping the query range…”

Section: Active Privacy Reduction Attackmentioning

confidence: 99%

Analysis of Existing Privacy-Preserving Protocols in Domain Name System

Zhao

Hori

Sakurai

2010

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYIn a society preoccupied with gradual erosion of electronic privacy, loss of privacy in the current Domain Name System is an important issue worth considering. In this paper, we first review the DNS and some security & privacy threats to make average users begin to concern about the significance of privacy preservation in DNS protocols. Then, by an careful survey of four noise query generation based existing privacy protection approaches, we analyze some benefits and limitations of these proposals in terms of both related performance evaluation results and theoretic proofs. Finally, we point out some problems that still exist for research community's continuing efforts in the future. key words: domain name system (DNS), privacy, private information retrieval, random noise

show abstract

“…Additional defensive research has been performed to further limit the capabilities of ICMP covert channels. A Linux kernel module was developed to scan ICMP messages for specific signatures such as passwd, root, etc, ls and dir [5]. If these signatures were detected, the ICMP message was essentially scrubbed by zeroing out the data field while being processed by the network stack.…”

Section: Related Workmentioning

confidence: 99%

ICMP Covert Channel Resiliency

Stokes

Yuan

Johnson

et al. 2010

Technological Developments in Networking, Education and Automation

View full text Add to dashboard Cite

The ICMP protocol has been widely used and accepted as a covert channel. While the ICMP protocol is very simple to use, modern security approaches such as firewalls, deep-packet inspection and intrusion detection systems threaten the use of ICMP for a reliable means for a covert channel. This study explores the modern usefulness of ICMP with typical security measures in place. Existing ICMP covert channel solutions are examined for compliance with standard RFCs and resiliency with modern security approaches.

show abstract

Malicious ICMP Tunneling: Defense against the Vulnerability

Cited by 25 publications

References 2 publications

A survey of covert channels and countermeasures in computer network protocols

A survey of covert channels and countermeasures in computer network protocols

Analysis of Existing Privacy-Preserving Protocols in Domain Name System

ICMP Covert Channel Resiliency

Contact Info

Product

Resources

About