GEN:SID | 1:1627 |
Message | BAD-TRAFFIC Unassigned/Reserved IP protocol |
Summary | This event is generated when packets on the network are using an unassigned or reserved IP protocol.
|
Impact | Possible prelude to system compromise.
|
Detailed Information | Under normal circumstances IP packets do not use unassigned or reserved protocols.
an indicator of unauthorized network use, reconnaisance activity or system compromise. These rules may also generate an event due to improperly configured network devices.
|
Affected Systems | All
|
Attack Scenarios | The attacker may send specially crafted packets using an unassigned or reserved protocol.
|
Ease of Attack | Simple
|
Corrective Action | Use a packet filtering device to reject packets using an unknown protocol.
|
Additional References | IANA http://www.iana.org/assignments/protocol-numbers
|
Rule References | url: www.iana.org/assignments/protocol-numbers
|