GEN:SID | 1:407 |
Message | ICMP Destination Unreachable cndefined code |
Summary | This event is generated when An ICMP Destination Unreachable datagram is detected on the network with an undefined ICMP Code.
|
Impact | ICMP Codes for Destination Unreachable datagrams are defined in RFC 792 and RFC 1812. The datagram that generated this event is not defined in either of these RFCs. This could be an indication of a DoS (Denial of Service) attempt against the network.
|
Detailed Information | This rule generates informational events about the network. Large numbers of these messages on the network could indication routing problems, faulty routing devices, improperly configured hosts, or an attempted DoS.
|
Affected Systems | |
Attack Scenarios | Invalid or undefined ICMP codes should never be seen in normal network conditions. A remote attacker could be generating these packets in an attempt to cause an DoS.
|
Ease of Attack | Numerous tools and scripts can generate these types of ICMP datagrams.
|
Corrective Action | This rule detects informational network information, no corrective action is necessary.
|
Additional References | None
|