GEN:SID | 1:443 |
Message | ICMP Router Selection |
Summary | This event is generated when an ICMP Router Selection message is found on the network.
|
Impact | |
Detailed Information | ICMP Address Mask Requests are defined in RFC 950 as the third method hosts may support for determing the address mask correspoding to its IP address. In most implementations this method is not supported, and should not be normal traffic on most networks.
|
Affected Systems | |
Attack Scenarios | Attackers may use this ICMP Type to gather information about the subnet masks of a given network.
|
Ease of Attack | Numerous tools and scripts can generate ICMP Address Mask Requests. |
Corrective Action | ICMP Type 17 should be blocked at the upstream firewall. This type of ICMP request should never originate from a host outside of the protected network. |
Additional References | None
|
Rule References | arachnids: 174
|