GEN:SID 1:443
Message ICMP Router Selection
Summary This event is generated when an ICMP Router Selection message is found on the network.
Impact  
Detailed Information ICMP Address Mask Requests are defined in RFC 950 as the third method hosts may support for determing the address mask correspoding to its IP address.  In most implementations this method is not supported, and should not be normal traffic on most networks.  
Affected Systems  
Attack Scenarios Attackers may use this ICMP Type to gather information about the subnet masks of a given network.
Ease of Attack Numerous tools and scripts can generate ICMP Address Mask Requests.
Corrective Action ICMP Type 17 should be blocked at the upstream firewall.  This type of ICMP request should never originate from a host outside of the protected network.
Additional References None

Rule References arachnids: 174