GEN:SID | 1:477 |
Message | ICMP Source Quench |
Summary | This event is generated when a network host generates an ICMP source quench datagram.
|
Impact | ICMP source quench message are generated by gateway devices that no longer have the buffer space needed to queue datagrams for output to the next route. This could be an indication of a routing problem, network capacity problem, or on going Denial of Service attack.
|
Detailed Information | ICMP source quench messasges are generated when a gateway device runs out of buffer space to process incoming network traffic. This is an informational message that is generated in an attempt to inform the remote host generating the traffic to limit the speed at which it is sending network traffic to the remote host.
|
Affected Systems | |
Attack Scenarios | Denial of Service. Attackers could potenially use ICMP source quench datagrams to rate limit a remote host that listens to unsolicited ICMP source quench datagrams.
|
Ease of Attack | Numerous tools and scripts can generate this type of datagram.
|
Corrective Action | Use ingress filtering to block incoming ICMP source quench datagrams.
|
Additional References | http://www.whitehats.com/info/IDS238
|