GEN:SID | 1:475 |
Message | ICMP traceroute ipopts |
Summary | This event is generated when a network host generates an ICMP datagram with Record Route IP options.
|
Impact | Packets containing IP Record Route options are used to emulate the functionality of traceroute.
|
Detailed Information | The Record Route IP option is used to store routing information about the path a datagram takes to its destination. ICMP ECHO packets with an IP header utilizing the Record Route option are used to emulate the functionality of traceroute.
|
Affected Systems | |
Attack Scenarios | A remote attacker may attempt to use the Record Route IP option to determine routing information if traceroute fails.
|
Ease of Attack | Numerous tools and scripts can generate this type of datagram.
|
Corrective Action | Use ingress filtering to block incoming datagrams with the IP Record Route option.
|
Additional References | http://www.whitehats.com/info/IDS238
|
Rule References | arachnids: 238
|