GEN:SID | 1:368 |
Message | ICMP PING BSDtype |
Summary | This event is generated when an ICMP echo request is made from a Berkeley Systems Development (BSD) host.
|
Impact | Information gathering. An ICMP echo request can determine if a host is active.
|
Detailed Information | An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a host running a BSD TCP/IP networking stack such as FreeBSD, NetBSD, or OpenBSD, will contain a unique payload in the message request.
|
Affected Systems | All
|
Attack Scenarios | An attacker may attempt to determine live hosts in a network prior to launching an attack.
|
Ease of Attack | Simple
|
Corrective Action | Block inbound ICMP echo requests.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS152
|
Rule References | arachnids: 152
|