Packet Tuesday - Large ICMP Errors

Channel:
United States SANS Cyber Defense
Subscribers:
23,600
Published on ● Video Link: https://www.youtube.com/watch?v=z9jk8Bbf4_o


Duration: 29:18
474 views
18

RFC 792 is very specific in how long an ICMP error message should be. In this episode, we will hunt for packets that do not comply with this specification and talk about why they deviate from it.

Notes:
SEC503 Network Monitoring and Threat Detection In-Depth: https://www.sans.org/u/1obN

RFCs:
RFC 792: ICMP https://www.rfc-editor.org/rfc/rfc792
RFC 795: Type of Service https://www.rfc-editor.org/rfc/rfc795
RFC 2474: Differentiated Services https://www.rfc-editor.org/rfc/rfc2474
RFC 9000: QUIC https://www.rfc-editor.org/rfc/rfc9000

Packet: https://packettuesday.com/pcaps/bigicmp.pcap



Other Videos By SANS Cyber Defense


2023-05-30Why YOU Should Attend SANS Blue Team Summit 2023
2023-05-29Strategy 4: Hire AND Grow Quality Staff | SANS Blueprint Podcast
2023-05-22Strategy 3: Build a SOC Structure to Match Your Organizational Needs | SANS Blueprint Podcast
2023-05-17Tactical Tripwires
2023-05-15Strategy 2: Give the SOC the Authority to Do Its Job | SANS Blueprint Podcast
2023-05-11What You Will Learn in SEC406: Linux Security for InfoSec Professionals
2023-05-08Strategy 1: Know What You Are Protecting and Why | SANS Blueprint Podcast
2023-05-08Fundamentals: 11 Strategies of a World-Class SOC | SANS Blueprint Podcast Season 4 Intro
2023-04-06The New OSINT Cheat Code: ChatGPT
2023-02-07Packet Tuesday - Most Frequent DNS Query ID
2023-01-31Packet Tuesday - Large ICMP Errors
2023-01-26AI, Data Science, and Machine Learning Training for Cybersecurity Professionals with SANS SEC595
2023-01-24Packet Tuesday - IPv6 Neighbor Discovery
2023-01-17Packet Tuesday - IPv6 Router Advertisements
2023-01-11Network Monitoring Training with SEC503 Network Monitoring and Threat Detection In-Depth
2023-01-10Packet Tuesday - NTP
2023-01-03Packet Tuesday - IP Options
2022-12-20Packet Tuesday - TLS Server Hello
2022-12-13Packet Tuesday - FreeBSD Ping Vulnerability
2022-12-08Baby Steps to the Future: Evolving into the Next-Gen SOC
2022-12-07Don't Relay Me: Empirically Diagnose Privilege Escalation via Active Directory Account Sighting


Tags:
cyber defense
cyber defenders
icmp
icmp errors
large icmp errors
network monitoring
threat detection
threat detection course
threat detection training
network monitoring course
network monitoring training
johannes ullrich
dr. johannes ullrich
sans sec503
sec503 network monitoring and threat detection
network monitoring and threat detection in-depth