GEN:SID | 1:450 |
Message | ICMP Time-To-Live Exceeded in Transit undefined code |
Summary | This event is generated when an ICMP "Time Exceeded" message with an invalid ICMP code is observed.
|
Impact | Informational. This may indicate that the ICMP message has been crafted.
|
Detailed Information | An ICMP "Time Exceeded" message is issued when either the maximum number of hops has been exceeded or a timer has expired before all fragments have been received. The ICMP code value for this message should be 0 or 1. If an ICMP code greater than 1 is observed, it may indicate that the packet was crafted with an invalid value.
|
Affected Systems | This traffic should have no adverse impact.
|
Attack Scenarios | An attacker may craft an ICMP "Time Exceeded" message with an invalid ICMP code. A single packet is not harmful in itself, but the unusual ICMP code may indicate that the packet was abnormally generated.
|
Ease of Attack | Simple. There are many packages available to generate ICMP messages.
|
Corrective Action | If a host or device in your network is generating this message, investigate why it does not have a standard ICMP code.
|
Additional References | |
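
The check described under Detailed Information, written out as an added example (not part of the rule documentation or of Snort itself): it parses a raw IPv4 packet and reports whether an ICMP type 11 message carries a code other than 0 or 1. The function names `classify` and `build` are hypothetical, and the sample packets are constructed with documentation-range addresses.

```python
import struct

ICMP_PROTO = 1
ICMP_TIME_EXCEEDED = 11
# Codes defined for type 11: 0 = TTL exceeded in transit,
# 1 = fragment reassembly time exceeded.
DEFINED_CODES = {0, 1}

def classify(packet: bytes) -> str:
    """Classify a raw IPv4 packet for the Time Exceeded code check."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "truncated"
    ihl = (packet[0] & 0x0F) * 4           # IP header length incl. options
    if ihl < 20 or len(packet) < ihl:
        return "truncated"
    if packet[9] != ICMP_PROTO:
        return "not-icmp"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                        # later fragments carry no ICMP header
        return "fragment"
    icmp = packet[ihl:]
    if len(icmp) < 8:                      # type, code, checksum, 4 unused bytes
        return "truncated"
    itype, icode = icmp[0], icmp[1]
    if itype != ICMP_TIME_EXCEEDED:
        return "other-icmp"
    return "valid" if icode in DEFINED_CODES else "undefined-code"

def build(itype: int, icode: int, proto: int = ICMP_PROTO, frag: int = 0) -> bytes:
    """Constructed sample packet; both checksums are left at zero."""
    quoted = bytes(28)                     # stand-in for the quoted original datagram
    icmp = struct.pack("!BBHI", itype, icode, 0, 0) + quoted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, frag,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + icmp

if __name__ == "__main__":
    for label, pkt in [("code 0", build(11, 0)), ("code 1", build(11, 1)),
                       ("code 2", build(11, 2)), ("echo request", build(8, 0))]:
        verdict = classify(pkt)
        flag = "  <- matches 1:450" if verdict == "undefined-code" else ""
        print(f"{label:13s} {verdict}{flag}")
```
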