GEN:SID 1:441
Message ICMP Router Advertisement
Summary This event is generated when an ICMP Router Advertisement message is found on the network.
Impact  
Detailed Information Routers may use ICMP protocol 9 to advertise their information and presence on a network. Clients normally recieve this information from DNS if they use DHCP. Clients with statically assigned addresses do not need this information from an external source.

It may be possible for an attacker to craft a packet of this type in such a way as to change the routing information on a DHCP enabled client.
Affected Systems Microsoft Windows 98
    Sun Solaris 2.6, Sun OS 5.  
Attack Scenarios  
Ease of Attack Numerous tools and scripts can generate ICMP Address Mask Requests.
Corrective Action ICMP Type 9 should be blocked at the upstream firewall.  This type of ICMP request should never originate from a host outside of the protected network.
Additional References None

Rule References arachnids: 173