[cs615asa] Blue Team Link Week 6

Huajie Xu hxu35 at stevens.edu
Mon Mar 4 15:28:02 EST 2019


Hello everyone,

This week Blue Team will focus on attacks related to the ICMP protocol.

We found two detailed links talking about how an ICMP flood attack works, and other features (such as tunneling) which can be used in an attack. Attackers can use an oversized ICMP packet to make certain network devices crash, or just overwhelm the device with too many ICMP echo-request packets.

Currently, as a Blue Team administrator, adding rule-based checks to the ICMP packets is a practical way to eliminate such attacks. For example, the ICMP packet size should not exceed 64K bytes.

Links:

https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/

https://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477
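
The two rule-based checks mentioned in the message above, sketched as an added example that is not part of the original post. It takes the 64K limit to be the 65,535-byte IPv4 maximum; the rate threshold (5 echo-requests per source per second) and the names `IcmpRuleCheck`, `parse_ipv4` and `build_packet` are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram, in bytes
ECHO_REQUEST = 8          # ICMP type of an echo-request
RATE_LIMIT = 5            # assumed threshold: echo-requests per source...
WINDOW = 1.0              # ...per sliding window, in seconds

def parse_ipv4(pkt):
    """Return (src, proto, fragment offset in bytes, IP payload) of a raw packet."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes
    offset = (flags_frag & 0x1FFF) * 8   # offset field counts 8-byte units
    return ".".join(map(str, src)), proto, offset, pkt[ihl:total_len]

class IcmpRuleCheck:
    def __init__(self):
        self.seen = defaultdict(deque)   # src -> recent echo-request timestamps

    def check(self, ts, pkt):
        """Return the names of the rules this packet violates."""
        src, proto, offset, payload = parse_ipv4(pkt)
        if proto != 1:                   # not ICMP
            return []
        alerts = []
        # Rule 1: a fragment ending past 65,535 bytes would reassemble
        # into a datagram larger than IPv4 allows.
        if offset + len(payload) > MAX_IP_DATAGRAM:
            alerts.append("oversized")
        # Rule 2: too many echo-requests from one source in the window.
        # The ICMP type byte is only present in the first fragment.
        if offset == 0 and payload and payload[0] == ECHO_REQUEST:
            q = self.seen[src]
            q.append(ts)
            while q and ts - q[0] > WINDOW:
                q.popleft()
            if len(q) > RATE_LIMIT:
                alerts.append("echo-flood")
        return alerts

def build_packet(src, frag_offset_units, payload, proto=1):
    """Constructed sample input: minimal IPv4 header (checksum 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      frag_offset_units, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return hdr + payload
```

The size rule is evaluated per fragment because an oversized ICMP datagram can only arrive as fragments; no single packet on the wire exceeds the limit.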
