[Snort-sigs] Signature Definition #460, 5 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 05:19:24 EDT 2003

 Rule: -- ICMP Unassigned! (Type 2)  
 Sid: -- 460
 Summary: -- This string detects and ICMP type of "2".
 Impact: -- Unknown
 Detailed Information: -- Certain scanners and hacker tools will allow you
to specifically craft ICMP types of 2, this could be an indication of a
vulnerability on your network, or an attacker crafting very specific packets
to sneak past outer defensive perimeters.
 Affected Systems: -- Unknown
 Attack Scenarios: -- Could be used for reconnasaince, (Scanning tools)
 Ease of Attack: -- Difficult
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Disallow ICMP Ping inbound at the router or firewall,
only allow incoming if requested from inside the network.
 Contributors: -- Joel Esler
 Additional References: 

More information about the Snort-sigs mailing list