Jagannath University

Department of Computer Science and Engineering

M.Sc in Computer Science and Engineering (Evening) Program

Course Title: Internet Security and Policy

Course Code: CSE-5105

Submitted To: Dr. Mohammed Nasir Uddin

Submitted By: Al-Amin Shohag

Section: A

Merit:06

Student ID: M160305504

Session:Winter-2016

1
 Table of Contents

Chapter 1.Introduction to TCP/IP Protocol Suit

1.1Introduction
1.2 Layering
1.3Illustration of Communication process between Protocols

Chapter 2.Internet Protocol

2.1 Introduction
2.2 IP header Format

2
Chapter 3.Internet Control Message Protocol
3.1 Introduction
3.2 ICMP and IP relationship
3.3 ICMP Message
3.3. 1 ICMP Message Types
3.3.2 ICMP Message Field Analysis
3.3.3 ICMP Message Handling
3.4 Net/3 Implementation technique of ICMP messages

Chapter 4.Security Attacks

4.1 Different Types of Attacks
4.2 Steps of Attacking

3
Chapter 5.ICMP Misbehavior
5.1 Introduction
5.2 Purpose of Misbehaving
5.3 Ways of Misbehaving and Counter Measures

Discussion
Future Intend
Reference

4
Preface
Internet Control Message Protocol abbreviated as ICMP is a network layer protocol. It is an integral
part of IP and uses the basic support of IP as if it were a higher level protocol but however it must be
implemented by every IP module. Basically ICMP is a message service about the errors, request and
reply of the IP datagram processing. But this message service can be used by an attacker to get
information about a targeted machine. Thus ICMP can be misused. This misbehavior of ICMP is a
great matter of concern for the network system administrators. Though this paper is all about ICMP
misbehavior but it will also demonstrate the basic relationship of ICMP with other protocols in brief.

5
 Chapter 1. Introduction to TCP/IP Protocol Suit
1.1 Introduction

The TCP/IP protocol suite allows computer of all sizes, from many different computer vendors running
totally different operating systems to communicate with each other. It is an open system in that the definition
of the protocol suite and many of its implementations are publicly available at little or no change. It forms
the basis for what is called the worldwide Internet or the Internet a wide area network.

1.2 Layering
Networking protocols are normally developed in layers, with each layer responsible for a different facet of
the communications. A protocol suit such as TCP/IP is the combination of different protocols at various
layers. TCP/IP is normally considered to be a 4-layer system. Each layer plays a different role for
establishing communication. The four layers as follows:
Application Layer Telnet, FTP, SMTP, NNTP, LPD, NFS, SNMP,
HTTP and others
Transport Layer TCP, UDP

Network Layer ICMP, BootP, IP, ARP, RARP

Data Link Layer Ethernet, Token Ring, FDDI, Frame Relay, ATM and
others

Fig: Layers and respective protocols in association with layers.

6
 Every layer has its own responsibility. The roles played each layer are given below:

Application Layer Handles all the details of the particular application

Transport Layer Provides a flow of data between two hosts for the
application layer above
Network Layer Handles the movement of packets around the
network. That is, the routing of packets.

Data link Layer Includes the device driver in the operating system
and corresponding network interface in the
computer.
Handles all the hardware details of physically
interfacing with the cable.

Fig: Layers and Respective Responsibilities

1.3 Illustration of Communication process between Protocols

Communication process between layers can be divided into two ways. One process happens at the sender
end and other that happens at the receiver end. The communication process can be depicted as below:

7
User Process User Process User Process User Process

UDP
TCP

IP IGMP
ICMP

Hardware Interface
ARP
RARP

Media

Fig: Communication process between protocols

8
 Chapter 2.Internet Protocol

2.1 Introduction
IP is a workhorse protocol of the TCP/IP protocol suite. All TCP, UDP, ICMP and IGMP data gets transmitted as
IP datagrams. IP provides an unreliable connectionless datagram delivery service. By reliable we mean there are no
guarantees that an IP datagram successfully gets to its destination. IP provides a best efforts service. The term
connectionless means that IP does not maintain any state information. Each datagram is handled independtly from
all other datagram.

IP implements two basic function addressing and fragmentation. The internet modules use addresses carried in the
internet header to transmit internet datagrams toward their destination. The modules also uses fields in the internet
header to fragment and reaassmle internet datagrams when necessary for transmission through “small packets”
networks.

2.2 Internet Datagram Header Format

The normal size of IP header is 20 bytes or 160 bits unless options are present. The 160 bits are further divided into
5 segments of 32 bits each or we can say 4 bytes of each. The 4 bytes in the 32- bit value are transmitted in the
order bits 0-7 first, 8-15, then 16-23 and bits 24-31 last. This is called big endian byte ordering. The internet
header format is depicted as bellow:

9
0 7 8 15 16 31
Version Header length Type of service Total length

4 bits 4 bits 8 bits 16 bits

Identification Flags Fragment Offset

16 bits 3 bits 13 bits

Time to live Protocol Checksum

8 bits 8 bits 13 bits

Source IP address

32 bits

Destination IP address

32 bits

Option Padding

Fig: Internet Datagram Header

10
2.3 Internet Header analysis
Different fields in the internet header plays different role in processing the IP datagram. The IP header fields and
role played by each fields are given below:
Fields Size(bit) Descriptions Cases
Version 4 Describes the version of 0=Reserved
internet Protocol. Current 1-3=Unassigned
Version of IP is 4
4=IP
5=ST
6=IP
7=TP/IX
8=PIP
9=TUBA
10-14=Unassigned
15=Reserved
Header Length 4 Internet header length is The minimum value for a correct header is 5
the length of the internet
header in 32 bit words.
Type of Service 8 Used to specify the Service Parameters:
treatment of the datagram Precedence:(0-2) 111=network control;
during its transmission
through the internet
110=Internetwork control
system 101=Critic ECD
100=Flash Override
011=Flash
010=Immediate
001=Priority
000=Routine

Delay:3 (0=normal; 1= low)

Throughput:4 0= normal ; 1=high

11
 Reliability:5 (0=normal 1= high)
Reserved: 6-7
Total Length 16 The length of the datagram Allows 65535 bytes
measured in bytes MTU is 576 bytes
including header and data.
Identification 16 To aid in assembling the Assigned by the sender
fragments of a datagram
Flags 3 This flags are control flags Bit 0: Reserved
Bit 1: 0=May Fragment; 1=Don’t fragment
Bit 2: 0=Last Fragment; 1=More Fragments
Fragment Offset 13 Indicates where in the For an MTU of 1,500 bytes and a header size of
datagram this fragment 20 bytes, the fragment offsets would be
belongs
multiples of (1500–20)/8 = 185 of 8 bit blocks
Time to Live 8 Indicates the maximum This field is used as hop count for the arrival of
time the datagram is datagram for a router
allowed to remain in the
internet system
Protocol 8 Indicates the next level Ranges from 0-255
protocol used in the data Assigned number for familiar Protocols
protion of the internet
datagram
1= ICMP
2=IGMP
4=IP
6=TCP
9=IGP
17=UDP
88=IGRP etc

Checksum 13 The checksum field is the For example, consider Hex

16-bit one’s complement 4500003044224000800600008c7c19acae241e2b
of the one’s complement
sum of all 16 bit words in
(20 bytes IP header), using a machine which
the header uses standard two's complement arithmetic:

Step 1) 4500 + 0030 + 4422 + 4000 + 8006 +

0000 + 8c7c + 19ac + ae24 + 1e2b = 0002BBCF
(32-bit sum)

12
 Step 2) 0002 + BBCF = BBD1 =
1011101111010001 (1's complement 16-bit
sum, formed by "end around carry" of 32-bit 2's
complement sum)
Step 3) ~BBD1 = 0100010000101110 = 442E
(1's complement of 1's complement 16-bit sum)

To validate a header's checksum the same

algorithm may be used – the checksum of a
header which contains a correct checksum field
is a word containing all zeros (value 0):

4500 + 0030 + 4422 + 4000 + 8006 +

0000 + 8c7c + 19ac + ae24 + 1e2b +
442E = 2BBCF + 442E = 2FFFD
0002 + FFFD = 0000

Source IP Address 32 ---------- -----------------------------------------

Destination IP Address 32 ----------- -----------------------------------------
Option Variable length Must be implemented but Case 1: A single byte of option type
Transmission is optionalCase 2: An option type byte, an option length
byte and the actual option data bytes.
The option type byte:
1 bit copied flag. 0=not copied ; 1=copied
2 bits option flag
5bits option number
Padding Variable Used to ensure that the The padding is zero
internet
header ends on a 32 bit
boundary
Fig: Internet header field analysis

13
 Chapter 3.Internet Control Message Protocol

3.1 Introduction
ICMP is a kind of message service about the packet being sent to a reciver by a sender. This message service
provides reports about errors in datagram processing and replys of ICMP quary messages. As soon as TCP/IP
encounters a data transfer error, ICMP is used to inform the sender, the reciver and user process abot the details of
the error. As a result, it is often known as the Network Problem Diagnosis protocol.

3.2 ICMP and IP relationship

ICMP uses the basic support of IP as it were a higher level protocol. But it is an intregral part of IP and must be
implemented by every IP module. It has its own transport protocol number that is 1 allowing its messages to be
carried within an IP datagram. It always include IP header along with at least the firt 8 bytes of the data from the
initial fragment of the IP datagram that caused the error. The standard assumes that the 8 bytes includes any
demultiplexing information from the transport protocol header of the original packet, which allows a transport
protocol to deliver an ICMP message to the correct process. The internet protocol is not designed to be absolutely
reliable. The purpose of these control messages is to provide feedback about problems in communication
environment not to make IP reliable.

IP header ICMP message

20 bytes
Fig: ICMP messages Encapsulated within an IP datagram

14
3.3 ICMP Message
We can divide the ICMP messages into two classes : errors and queries. Query messages are defined in pairs: a
request and its reply. Messages can be sent in several situations: such as, when a datagram cannot reach its
destination, when the router does not have the buffering capacity to forward a datagram and the router can direct
the host to send traffic on a shorter route. There are also many other situations when ICMP messages are not sent:
such as, no ICMP messages about ICMP messages, a datagram destined to an IP broadcast address or an IP
multicast address, a datagram sent as a link layer broadcast, a fragment other than the first and datagram whose
source addres does not define a single host. Typical ICMP messages look like this below:

0 7 8 15 16 31
Type Code Checksum

8-bit 8-bit 16-bit

Contents depending type and code

Fig: Typical ICMP message

15
3.3.1 ICMP Message Types

Depending on errors in processing the datagram ICMP message service provides many different types of messages.
The format of the messages are also different. ICMP messages types are shown below:
Serial Messages types
01. Echo request and reply
02. Information request and reply
03. Address mask request and reply
04. Parameter proble message
05. Redirect message
06. ICMP traceroute
07. Time exceed
08. Routing advertisement
09. Router solicitation
10. Datagram conversion error
11. Mobile Host redircet
12. Ipv6 where are you and I am here message
13. Mobile registration request and reply
Fig: ICMP message types

3.3.2 ICMP Message Field Analysis and process and massage handling

ICMP message format has many different fields to specify certain message service. Few of this fields are common
to all ICMP messages but others vary from message to message. These fields are:

Fields Message Type

Type Common to all message type
Code Common to all message tpye
Checksum Common to all message type
Pointer Parameter problem message

16
 Gateway internet address Redirect message
Identifier Timestamp reply and request message
Information reply and request message
Echo reply and request message
Address mask reply and request message
Sequence Number Timestamp reply and request message
Information reply and request message
Echo reply and request message
Address mask reply and request message
Originate Timestamp Timestamp Reply and request message
Transmit Timestamp Timestamp Reply and request message
Router Address ICMP router advertisement message
Preference Level ICMP router advertisement message
Address Mask Address mask reply and request message
Outbound Hop Count ICMP trace route message
Return Hop Count ICMP trace route message
Outbound Link Speed ICMP trace route message
Outbound Link MTU ICMP trace route message
Pointer to a problem area Conversion failed ICMP message
Copy to datagram that could not be converted Conversion failed ICMP message
ID number ICMP trace route message
Unused Destination unreachable message
Time Exceed message
Internet Header plus 64 bits of original data datagram Source quence message
Time exceed message
Destination unreachable message
Parameter problem message
Fig: Fields of ICMP message format

Type and code fields has their respective responsibilities in selecting message types. Type value is used for main
error message and code is used for suberror message. The code value is also used for specifing identifier and
sequence number field role in the ICMP message formation. The selection is done according to table value:

17
Type Value Service Name Code Value Case Handled by
0 Echo Reply 0 If code=0 , an identifier User process
to aid in matching
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
1 Unassigned --------------------------- --------------------------
2 Unassigned --------------------------- --------------------------
3 Destination 0=Net unreachable No route to
unreachable 1=Host unreachable host
2=Protocol unreachable Connection
3=Port unreachable refused
4=Fragmentation needed Message too
and DF set long
5=Source route field
6=Destination network
unknown
7=Destination host
unknown --------------------------
8=Source host isolated
9= Communication with
destination network is
administratively
prohabited
10= Communicatively
prohabited
11=Destination network
unreachable for type of
service
12= Destination host
unreachable for type of
service
4 Source Quench 0 Kernel for
TCP, ignored
by UDP

18
5 Redirect 0=Redirected datagrams Kernel updates
for the network routing table
1=Redirect datagrams for
the host
2=Redirect datagram for
the type of service and
network --------------------------
3=Redirect datagrams for
the type of service and
host
6 Alternate 0=Alternate address for
host
7 Unassigned --------------------------
8 Echo 0 If code=0 , an identifier Kernel
to aid in matching generates reply
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
9 Router advertisement 0 -------------------------- User process
10 Router solicitation 0 User process
11 Time exceeded 0=Time to live exceeded -------------------------- User process
in transit
1= Fragment reassembly
time exceeded
12 Parameter problem 0=Pointer indicates the If code=0, identifies the Protocol not
error bytes where an error available
1= Missing a required was detected
option
2=Bad length
13 Timestamp 0 If code=0 , an identifier Kernel
to aid in matching generates reply
timestamp and reply,
may be zero
If code=0 ,a sequence
number to aid in
timestamp and reply
may be zero

19
14 Timestamp reply 0 If code=0 , an identifier User process
to aid in matching
timestamp request and
reply, may be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
15 Information request 0 If code=0 , an identifier Ignored
to aid in matching
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
16 Information reply 0 If code=0 , an identifier User process
to aid in matching
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
17 Address mask 0= Address mask request If code=0 , an identifier Kernel
request to aid in matching generates reply
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero
18 Address mask reply 0=Address mask reply If code=0 , an identifier User process
to aid in matching
request and reply, may
be zero
If code=0 ,a sequence
number to aid in
request and reply may
be zero

20
 19 Reserved(for -------------------------- -------------------------- ------------------
security)
20-29 Reserved -------------------------- -------------------------- ------------------
30 Traceroute 0=Outbound packet -------------------------- -----------------
sucessfully forwarded
1= No route for outbound
packet
31 Datagram conversion 0=Unknown/unspecified ------------------
error error
1= Don’t convert option
present
2=Unknown unsupported
option present --------------------------
4=unsupported transport
protocol
5=overall length
exceeded
6=Ip header length
exceeded
7=Transport protocl>255
8=Port conversion out of
range
9=Transport header
length exceeded
10= 32 bit rollover
missing and ask set
11=Unknown mandatory
transport option present
32 Mobile host redircet ------------------------- -------------------------- ------------------
33 IPv6 Where are you ------------------------- -------------------------- ------------------
34 Ipv6 I am here ------------------------- -------------------------- ------------------
35 Mobile registration ------------------------- -------------------------- ------------------
request
36 Mobile registration -------------------------- -------------------------- ------------------
reply
37-255 Reserved --------------------------- -------------------------- ------------------

Fig: Type and Code values

21
All the request and reply messages use both source and destination address. In reply messages the destination
address becomes the source address and vice versa.

ICMP checksum is calculated using the same way as it is done in internet header which already been discussed in
chapter 2.

3.4 Net/3 Implementation technique of ICMP

In section 3.3 we discussed basic format of ICMP messages. To produce this messages we can use basic C
programming language. Net/3 implementation technique of ICMP is discussed in this section. The basic working
process would be look like this:

ICMP message Intermediate Sending back to the

recived by reciver processing by the sender
reciver

Fig: Block diagram of implementing process

22
Intermediate process would follow this steps:

Step1: A input process would be called

Step2: Input process would call input processing functions

Step3: Input Processing function would process ICMP messages

Step4: A output process would be called

Step5:Output process would call output processing functions

Step6: A send function would be called to send the message

All this would be done by a reciver.

Chapter 4.Security Attacks

4.1 Different Types of Attacks

Computer-Related crimes have significantly increased in the last few years. It is becoming more and more difficult
for administrators around the world to secure systems against cyper crime. Although it is impossible to provide
foolproof security to a system, it is a good idea to keep abreast of the most dangerous attacks commonly used by
attackers. Some of the most common attacks used by computer criminals across the world include the following:

23
 1. Denial of service(DOS) attacks
2. IP spoofing attacks
3. Password cracking attacks
4. Windows attacks
5. UNIX attacks
6. Trojan attacks
7. Input validation attacks
8. Buffer overflows
9. Log file hacking

4.2 Steps of Attacking

Attacking involves steps such as:

1. Gathering Information for the attack

2. Excuting the attack

24
 Chapter 5.ICMP Misbehavior

5.1 Introduction
As we knew from chapter 4 that our inter network system is not safe by any means. Attackers try to attack our
systems to achieve their certain purposes.They do this using not by any new implementation technique but using
existing network system and protocol used for implementing the network system. ICMP is one of such favourite
protocols used by the attacker to achieve attacking goals. In chapter 3 we introduced ICMP which incoperates IP
discussed in chapter 2. In this chapter we will discuss how ICMP protocl is used for attacks. And when Attackers
use ICMP for attacks, it is called ICMP misbehavior.

5.2 Purpose of Misbehaving

From chapter 4 we knew about the steps of attack and one of the steps is information gathering of attack. Basically
attackers use ICMP for gathering information about the targeted system. The information can be many types such
as:

1. Information about system being alive

2. OS detection of the targeted system
3. Firewall Enumeration

25
5.3 Ways of Misbehaving and Counter Measures
As we can see there are three basic purpose of ICMP misbehaving, we will discuss each individually and how can
we take counter measures so that misbehaving may not occur.

Information about system being alive

there are many ways of knowing if the system is alive. It can be done using Ping probes, timestamp scanning,
subnet address scanning.

Ping probes

Ping probes uses echo request and reply message service of the ICMP to know if the system is alive or not. To do
so attacker may follow the steps below:

1. The attacker initialiese an echo request message, placing the value of the process ID of the sending prcocess
in the Identifier field, sequence number in the sequece nmber field and sombe binary data in the other
optional data field.
2. On receiving the request, the target system returns system returns the contents of the Identifier, Data and
Sequence Number fields in theform of an echo reply message.
3. When the attacker receives this message, ti deduces that the target system is alive

Implementation: C:\>ping www.google.com

Counter measure

Implementing ACL : access-list 101 deny icmp any any 8

26
 Timestamp scanning

Timestamp request and reply can also be used for the purpose of knowing the system being alive. To do so attacker
may follow the steps below:

1. The attcker initializes a timestamp request message, entering the time at which the message was sent in the
originate Timestamp field.
2. On receiving the request, the target system enters the time at which the message was received in the Receive
Timestamp field.
3. The time at which the target sytem sends back the timestamp reply message is recorded in the Transmit
Timestamp field.
4. When the sender receives this message, it deduces that the target system is alive.

Implemention: Need UNIX box and a utility namely icmpquery.

#shohag icmpquery-t xx.xx.xx.xx
xx.xx.xx.xx:04:15:19
Counter measure: Implementing ACL
access-list 101 deny icmp any any 13
access-list 101 permint icmp icmp xx.xx.xx.xx 0.0.0.255 any 13

27
 Subnet Address scanning

Address mask request and reply can be used for the purpose of knowing the system being alive. To do so attackers
may follow the steps below:

1. The attacker initializes an address mask request message, placing the value of the process ID of the sendign
process in the Identifier field and a sequence number in the Sequence field. This message is sent to the
broadcast address of the network in which the target system resides.
2. On receiving the request, the target system returns the contents of the Identifier and Sequecnce Nuber fields
unchanged, with additional data in the form of the system’s subnet mask in the Subnet Mask field, in an
ICMP address mask reply message.

Implementation: using icmpquery utility to initiate ICMP address mask requests.

#shohag icmpquery-m xx.xx.xx.xx

xx.xx.xx.xx: The subnet Mask Here

Counter measure: Implementing ACL

access-list 101 deny icmp any any 17

access-list 101 permit icmp xx.xx.xx.xx 0.0.0.255 any 17

28
 OS detection of the targeted system

Each operating system responds differently to various kinds of ICMP messages due to differences in kernel
configuration and settings. This means that attackers can use ICMP messages to determine the OS and the OS
version running on the targeted system. It can be done using ICMP error message quoting , ICMP error message
quenching and ICMP error message echo integrity.

ICMP error message qouting

Each time an error is encoutered in the data transfer process, the remote host calls upon ICMP to generate an
ICMP error message. Different operating systems quote different amounts of information in the error messages
that are generated. By analyzing the error messges sent by the remote host, attacker may be able to deduce the
remote systems’s OS.

ICMP error message quenching

Generally the operating systems use to limit the rate at which error messages are sent. One way to use as an
advntage is to send UDP packets to a random unused port to force the remote host to reply with an ICMP
Unreachable error message. If you then count the number of replies sent from the remote host to your system in
a given amount of time, you can determine which operating system is running on it.

ICMP error message echo integrity

Certain systems are known to alter the IP headers of the ICMP error messages they send. If you analyze the
extent and type of alterations made by the remote system in the IPO header, attacker can deduce to a certain
extent the operating system running on the target system.

29
Counter measure

Filtering the packets at the firewall or router level.

Advanced OS detection

Advance OS detection technique involves sending difficult- to –filter malformed packets instead of sending
easy-to-detect customized packets to the remote host. To do so attackers may follow the steps below:

1. The attacker sends malformed packets to the target system. The malformed packets should be of a type that
is unlikely to be filtered outby a rule-set, should be capable of prompting the target system to respond to
them with an error messge.
2. The target system is unable to handle the malformed packets it receives, and generates an ICMP message
that is sent to the attacker’s system. Because 99 percent of rule-sets are configured to filter only incoming
ICMP messages, the ICMP message generated by the target host is allowed to pass through unscrutinized.
3. The source system receive the ICMP message form the arget and uses a sniffing tool to examine the various
fields of the IP datagera. By comparing the values of certin fields in the ICMP message with known
corresponidng values in ICMP messages sent from systems with a known OS, the operating system of the
target system can be determined.

30
 Firewall Enumeration

If most of the ICMP messages that attacker send to a target system do not invoke a response, then attacker must
deduce whether the target network is usng a filtering device or a firewall that’s blocking the passage of
attacker’s messages.

Detecting filtering devices

To detect the presence of a filtering device, send a packet containing an unimplemented protocol number to the
target system. If the target system receives the packet, it will alsmost certainly respond with a Portocol
Unreachable error message. If you receive such a meassage, then most likely there no filtering deviced installed
on the target system.

Detecting fairwalls

If attacker suspects that the target system’s network has a firewall installed that filters out unwanted packets,
then one can use traceroute to detect its presence. The tarceroute tools uses ICMP Time to Live Execceded in
Transit and Port Unreachable error messages as wel as the itme to live field in the IOP headre to terace the route
form your system to the taget system.

31
 Implementation

To implement attaker can use traceroute utility to detect a firewall

Host#taraceroute xyz.com

traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets

1. isp.net( 202.xy.34.12) 20ms 10ms 10ms

2. xyz.com(202.xx.34) 130ms 130ms 130ms

Counter measure

Implementing ACL: access-list 101 deny ip any any 11

Discussion
All this information gathered here will be helpful for future work. Real time experiment of attacking is not done.
ICMP implementation using C programming is not done. How TCP/IP implementaton using C programming can
be used for attacking is not clear. Although the assignment was on ICMP misbehavior , I felt the need to know
many other topics related to ICMP misbehavior.

32
Future Intend
To know more about construction TCP/IP protocol suit and attacks against the suit.

To implement the TCP/IP protocol using C programming language and run in real time.

To experiment with the techniques discussed here for ICMP misbehavior for the learning purpose

To attack a close friend whole heartedly for fun

Reference
[1] Network Security : A Hacker’s Perspective By Ankit Fadia

[2] TCP/IP Illustrated Volume 1 by W. Richard Stevens

[3] TCP/IP Illustrated Volume 2 by Gary R. Wright, W. Richard Stevens

[4] RFC 792

[5] RFC 791

[6] RFC 791

[7] RFC 1256

[8] RFC 1700

[9] RFC 1788

[10] RFC 4065

[11] RFC 2521

33
34