GEN:SID | 1:525 |
Message | BAD-TRAFFIC udp port 0 traffic |
Summary | This event is generated when UDP traffic to port 0 is detected. This should not be seen in normal UDP communications.
|
Impact | Denial of Service against Checkpoint Firewall 1 devices. Possible reconnaisance. This may be an attempt to verify the existance of a host or hosts at a particular address or address range.
|
Detailed Information | UDP traffic to port 0 is not valid under normal circumstances.
Certain versions of Checkpoints Firewall 1 are subject to a Denial of Service attack when UDP packets to port 0 are sent via VPN-1.
an indicator of unauthorized network use, reconnaisance activity or system compromise. These rules may also generate an event due to improperly configured network devices.
|
Affected Systems | Any
|
Attack Scenarios | The attacker could send packets to a host with a destination port of 0. The attacker might also be using hping to verify the existance of a host as a prelude to an attack.
|
Ease of Attack | Simple
|
Corrective Action | Disallow UDP traffic to port 0.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0675
|
Rule References | bugtraq: 576
cve: 1999-0675
nessus: 10074
|