GEN:SID 1:476
Message ICMP webtrends scanner
Summary This event is generated when Webtrends Security Scanner generates an ICMP echo
request message.
Impact ICMP echo requests are used to determine if a host is running at a
specific IP address.  A remote attacker can scan a large range of hosts
using ICMP echo requests to determine what hosts are operational on the
network.
Detailed Information Webtrends Ecurity Scanner generates a ICMP Echo Request message containing the
following hex signature:

|00000000454545454545454545454545|

By searching for this string in a packet, it is possible to determine
the type of host that generated the request.
Affected Systems  
Attack Scenarios A remote attacker might scan a large range of hosts using ICMP echo
requests to determine what hosts are operational on the network.
Ease of Attack Simple.  The "ping" utility found on most operating systems can generate
these types of ICMP messages.
Corrective Action To prevent information gathering, use a firewall to block incoming ICMP
Type 8 Code 0 traffic.
Additional References http://www.whitehats.com/info/IDS307

Rule References arachnids: 307