GEN:SID | 1:499 |
Message | ICMP Large ICMP Packet |
Summary | This event is generated when a large ICMP packet is detected. Also known as the "Ping of Death".
|
Impact | Denial of Service (DoS) by system crash or bandwidth utilisation.
|
Detailed Information | Some IP stack implementations may crash or hang when a large ICMP packet is sent to them. Alternatively, a large number of these packets may saturate the link, especially where bandwidth is limited.
This attack was prevalent a number of years ago when the TCP/IP stack of a number of operating systems could not handle large packet payloads.
|
Affected Systems | Multiple older systems.
|
Attack Scenarios | A malicious individual may send a series of large ICMP packets to a host with the intention of crashing or hanging the host, or of saturating the available bandwidth.
|
Ease of Attack | Simple.
|
Corrective Action | |
Additional References | ICMP Traffic - Seth Stein http://www.wfu.edu/~steinsj5/work/icmp.html
|
Rule References | arachnids: 246
|
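Added example (not part of the original rule documentation or the rule itself): a minimal size check over raw IPv4 packets that flags large ICMP payloads and, going slightly beyond the text, fragments whose end offset would push the reassembled datagram past the 65535-byte IPv4 limit. The 800-byte threshold, the alert names and the sample packets are assumptions constructed for illustration.

```python
import struct

ICMP_PROTO = 1
LARGE_ICMP_THRESHOLD = 800  # assumed size limit in bytes; the page states none
MAX_IPV4_DATAGRAM = 65535   # largest value the 16-bit total-length field can hold

def inspect_ipv4(packet: bytes) -> list:
    """Return alert names for one raw IPv4 packet (empty list if benign)."""
    if len(packet) < 20:
        return []
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != ICMP_PROTO or ihl < 20 or total_len < ihl:
        return []
    ip_payload = total_len - ihl
    frag_offset = (flags_frag & 0x1FFF) * 8  # offset field counts 8-byte units
    # The first fragment carries the 8-byte ICMP header; later ones are all data.
    icmp_data = ip_payload - 8 if frag_offset == 0 else ip_payload
    alerts = []
    if icmp_data > LARGE_ICMP_THRESHOLD:
        alerts.append("LARGE_ICMP")
    # A fragment that ends past 65535 bytes cannot belong to a valid datagram.
    if ihl + frag_offset + ip_payload > MAX_IPV4_DATAGRAM:
        alerts.append("OVERSIZE_REASSEMBLY")
    return alerts

def build_packet(payload_len, frag_units=0, proto=ICMP_PROTO) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) plus zero payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                         frag_units, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

# Constructed sample traffic (documentation addresses, zero-filled payloads).
SAMPLES = {
    "normal_echo": build_packet(8 + 56),             # ordinary 56-byte ping
    "large_echo": build_packet(8 + 1400),            # single large ICMP packet
    "late_fragment": build_packet(100, frag_units=8189),  # ends past 65535
    "large_tcp": build_packet(1400, proto=6),        # not ICMP, ignored
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_ipv4(pkt))
```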