Exploitation of ICMP Time Exceeded Packets for A Large-Scale Router Delay Analysis

Internet Control Message Protocol Time-Exceeded (ICMP-TE) time exceeded packets are particular communication protocols to express inaccessibility of nodes in terms of hop count limitations. With the Internet of Things (IoT) concept taking more space in our daily life, accessibility or in some manners inaccessibility of hosts should be analysed more carefully. ICMP time exceeded packets might be hand of an attacker, sometimes an indicator of compromise for a possible IoT Botnet attack or a tool for delay measurement. In this study, with the exploitation of ICMP time exceeded packets, we analyse Round Trip Time (RTT) delays of randomly distributed IP routers around the globe. We conduct a comprehensive delay analysis study considering the delay results of more than 1 million time exceeded packets taken in return for subject ICMP requests. To prove ICMP time exceeded packets might also be a signature for a possible IoT Botnet attack, we carry out a secure experiment for Mirai IoT Botnet scanning and exhibit the indicators to differentiate these two possible usages