397.txt

This is the snapshot of Snot Latest Rules

Rule:

--

Sid:
397

--

Summary:
This event is generated when An ICMP Host Precedence Violation is sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source and destination host, network destination, upper layer protocol, or source/destination port.

--

Impact:
Routers will generate this message when the requested precedent is not permitted to transverse the network.  This could be an indication of an improperly configured routing device or a improperly configured host on the network.

--

Detailed Information: 
This rule generates informational events about the network.  Large numbers of these messages on the network could indication routing problems, faulty routing devices, or improperly configured hosts.

--

Attack Scenarios:
None Known

--

Ease of Attack:
Numerous tools and scripts can generate these types of ICMP datagrams.

--

False Positives:
None Known

--

False Negatives:
None Known

--

Corrective Action:
This rule detects informational network information, no corrective action is necessary.

--

Contributors:
Original Rule writer unknown
Sourcefire Vulnerability Research Team
Matthew Watchinski (matt.watchinski@sourcefire.com)

--

Additional References:
None


--