The Internet Control Message Protocol (ICMP) is the maintenance protocol of the internet. It is primarily used for error reporting and determining connectivity between devices, which makes it extremely useful to system administrators trying to diagnose connection issues. Like anything, however, ICMP can be abused by people with malicious intent.
In this webcast, we will briefly cover the common legitimate applications of ICMP, such as ping and Traceroute, then delve into the ways in which attackers can leverage ICMP to further a malicious agenda. We will examine ICMP at the packet level and look at malicious uses of it, covering both historical and modern attacks. Significant attention will be given to ICMP traffic anomalies and command and control, and to how to detect them.