A method of preventing an attack on a network, the method comprising the
computer-implemented steps of receiving an ICMP packet that includes a
copy of a header associated with a connection in a connection-oriented
transport protocol; obtaining a packet sequence value from the header;
determining if the packet sequence value is valid; and updating a
parameter value associated with the transport protocol connection only if
the packet sequence value is determined to be valid. Use of the disclosed
method enables authenticating ICMP packets so that responsive measures of
a network element, such as adjusting an MTU value, are performed only
when the ICMP packet is determined to be authentic.