[Snort-sigs] Signature Definition #460, 5 of 20
Esler, Joel Contractor
EslerJ at ...785...
Mon Jun 9 05:19:24 EDT 2003
Rule: -- ICMP Unassigned! (Type 2)
Sid: -- 460
Summary: -- This string detects and ICMP type of "2".
Impact: -- Unknown
Detailed Information: -- Certain scanners and hacker tools will allow you
to specifically craft ICMP types of 2, this could be an indication of a
vulnerability on your network, or an attacker crafting very specific packets
to sneak past outer defensive perimeters.
Affected Systems: -- Unknown
Attack Scenarios: -- Could be used for reconnasaince, (Scanning tools)
Ease of Attack: -- Difficult
False Positives: -- Unknown
False Negatives: -- Unknown
Corrective Action: -- Disallow ICMP Ping inbound at the router or firewall,
only allow incoming if requested from inside the network.
Contributors: -- Joel Esler
More information about the Snort-sigs