GEN:SID | 1:448 |
Message | ICMP Source Quench undefined code |
Summary | This event is generated when an ICMP "Source Quench" message is generated that has a non-zero ICMP code.
|
Impact | Informational. This may indicate that the ICMP message has been crafted.
|
Detailed Information | An ICMP "Source Quench" message is issued by a network device that cannot handle the current volume of traffic. The ICMP code value for this message should be 0. If a non-zero ICMP code is observed, it may be an indication that the packet was crafted with an invalid value.
ICMP Source Quench messages may be normally sent by either a gateway or a host as a congestion control mechanism. A gateway would send them if it is running out of buffer space (needed to queue datagrams for output to the next hop) or by a host that is receiving datagrams too fast to process. Maliciously crafted ICMP Source Quench Messages may be used to force a remote host to slow down its transmission rate and causing a Denial of Service.
|
Affected Systems | This traffic should have no adverse impact.
|
Attack Scenarios | An attacker may craft an ICMP "Source Quench" message with an invalid ICMP code. A single packet itself is not harmful, but the unusual ICMP code my indicate that this packet was abnormally generated.
|
Ease of Attack | Simple. There are many packages available to generate ICMP messages.
|
Corrective Action | If a routing device in your network is generating this message, investigate why it does not have a standard ICMP code of 0.
|
Additional References | |