GEN:SID | 1:441 |
Message | ICMP Router Advertisement |
Summary | This event is generated when an ICMP Router Advertisement message is found on the network.
|
Impact | |
Detailed Information | Routers may use ICMP protocol 9 to advertise their information and presence on a network. Clients normally recieve this information from DNS if they use DHCP. Clients with statically assigned addresses do not need this information from an external source.
It may be possible for an attacker to craft a packet of this type in such a way as to change the routing information on a DHCP enabled client.
|
Affected Systems | Microsoft Windows 98 Sun Solaris 2.6, Sun OS 5.
|
Attack Scenarios | |
Ease of Attack | Numerous tools and scripts can generate ICMP Address Mask Requests.
|
Corrective Action | ICMP Type 9 should be blocked at the upstream firewall. This type of ICMP request should never originate from a host outside of the protected network.
|
Additional References | None
|
Rule References | arachnids: 173
|