Exploitation of ICMP Time Exceeded Packets for A Large-Scale Router Delay Analysis

Exploitation of ICMP Time Exceeded Packets for A Large-Scale Router Delay Analysis

Ali Gezer1 and Gary Warner2

1Electronic and Telecommunication Technology, Kayseri University, Turkey

2Computer Science, University of Alabama at Birmingham, US

Abstract: Internet Control Message Protocol Time-Exceeded (ICMP-TE) time exceeded packets are particular communication protocols to express inaccessibility of nodes in terms of hop count limitations. With the Internet of Things (IoT) concept taking more space in our daily life, accessibility or in some manners inaccessibility of hosts should be analysed more carefully. ICMP time exceeded packets might be hand of an attacker, sometimes an indicator of compromise for a possible IoT Botnet attack or a tool for delay measurement. In this study, with the exploitation of ICMP time exceeded packets, we analyse Round Trip Time (RTT) delays of randomly distributed IP routers around the globe. We conduct a comprehensive delay analysis study considering the delay results of more than 1 million time exceeded packets taken in return for subject ICMP requests. To prove ICMP time exceeded packets might also be a signature for a possible IoT Botnet attack, we carry out a secure experiment for Mirai IoT Botnet scanning and exhibit the indicators to differentiate these two possible usages.

Keywords: ICMP time exceeded packet, iot botnet, Mirai botnet, rtt delay, performance analysis, quality of service.

Received April 19, 2018; accepted June 17, 2019
Full text    
Read 3221 times Last modified on Sunday, 20 October 2019 01:21
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…