Using Consistency Checks to Prevent Malicious Tunneling

A. Singh, O. Nordström, and A.L.M. dos Santos (USA)


Tunneling, ICMP


Tunneling is becoming an integral part of malicious tools, including those employed for remote access and distributed denial of service attacks. These tools use the unused fields of ICMP packets to establish malicious tunnels. However, many other idle fields exist in TCP/IP and ICMP messages. The paper identifies the idle fields in TCP/IP and ICMP messages and proposes the use of a stateless model to protect against the misuse of these unused fields. It also presents the advantages of using a stateless model over firewalls and IDS. The performance impact on end hosts and on routers is minimal.
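As an added illustration (not code from the paper, whose exact checks are not given on this page), a stateless per-packet consistency check for ICMP idle fields could look like the following. The field layout is assumed from RFC 792 and RFC 1191, RFC 4884 extensions are ignored, and the names `check_icmp` and `build` and all sample messages are constructed for this example.

```python
import struct

# Offsets inside the ICMP message that RFC 792 marks "unused" (must be zero).
UNUSED = {
    3: range(4, 8),   # Destination Unreachable
    4: range(4, 8),   # Source Quench
    11: range(4, 8),  # Time Exceeded
    12: range(5, 8),  # Parameter Problem (byte 4 is the pointer)
}
ZERO_CODE_TYPES = {0, 4, 8}  # Echo Reply, Source Quench, Echo: code is always 0


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def check_icmp(msg: bytes) -> list:
    """Return consistency violations for one ICMP message; no state is kept."""
    if len(msg) < 8:
        return ["truncated header"]
    problems = []
    icmp_type, code = msg[0], msg[1]
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        problems.append("bad checksum")
    if icmp_type in ZERO_CODE_TYPES and code != 0:
        problems.append("nonzero code")
    idle = set(UNUSED.get(icmp_type, ()))
    if icmp_type == 3 and code == 4:
        idle -= {6, 7}  # RFC 1191: these bytes carry the next-hop MTU
    if any(msg[i] for i in idle):
        problems.append("nonzero unused field")
    return problems


def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Construct a sample ICMP message with a correct checksum (test data only)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    # Constructed samples: a clean host-unreachable and one with a filled idle field.
    print(check_icmp(build(3, 1, b"\x00" * 4, b"E" * 28)))
    print(check_icmp(build(3, 1, b"DATA", b"E" * 28)))
```

Each decision depends only on the packet in hand, so the check needs no connection table.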
