[Snort-sigs] Signature Definition #458, 4 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 05:18:11 EDT 2003


 Rule: -- ICMP Unassigned! (Type 1)  
 Sid: -- 458 
 Summary: -- This string detects and ICMP type of "1".
 Impact: -- Unknown
 Detailed Information: -- Certain scanners and hacker tools will allow you
to specifically craft ICMP types of 1, this could be an indication of a
vulnerability on your network, or an attacker crafting very specific packets
to sneak past outer defensive perimeters.
 Affected Systems: -- Unknown
 Attack Scenarios: -- Could be used for reconnasaince, (Scanning tools)
 Ease of Attack: -- Difficult
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Disallow ICMP Ping inbound at the router or firewall,
only allow incoming if requested from inside the network.
 Contributors: -- Joel Esler
 Additional References: 
 
 




More information about the Snort-sigs mailing list