http://dx.doi.org/10.6109/jkiice.2017.21.3.549

Design and implementation of outbound traffic controller for the prevention of ICMP attacks  

Yoo, Kwon-jeong (Department of Information and Communication Engineering, Hanbat National University)
Kim, Eun-gi (Department of Information and Communication Engineering, Hanbat National University)
Abstract
ICMP (Internet Control Message Protocol) is a main protocol in the TCP/IP protocol stack. ICMP compensates for the fact that IP does not support error reporting. If a transmission problem occurs, a router or the receiving host sends an ICMP message containing the cause of the error to the sending host. However, an attacker can abuse this process by sending fake ICMP messages to a host so that its communication is terminated abnormally. An attacking host can also paralyze a victim host's system by sending it a large number of messages at a high rate. To solve this problem, we have designed and implemented an outbound traffic controller that prevents various ICMP attacks. By preventing the transmission of attack messages in different ways according to each case, various network attacks can be prevented. In addition, unnecessary network traffic can be filtered before it is transmitted.
Keywords
ICMP; traffic; controller; network attack; security;