407.txt

来自「snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具」· 文本 代码 · 共 62 行

Rule:

--

Sid:
407

--

Summary:
This event is generated when An ICMP Destination Unreachable datagram is detected on the network with an undefined ICMP Code.  

--

Impact:
ICMP Codes for Destination Unreachable datagrams are defined in RFC 792 and RFC 1812.  The datagram that generated this event is not defined in either of these RFCs.  This could be an indication of a DoS (Denial of Service) attempt against the network. 

--

Detailed Information: 
This rule generates informational events about the network.  Large numbers of these messages on the network could indication routing problems, faulty routing devices, improperly configured hosts, or an attempted DoS.

--

Attack Scenarios:
Invalid or undefined ICMP codes should never be seen in normal network conditions.  A remote attacker could be generating these packets in an attempt to cause an DoS.

--

Ease of Attack:
Numerous tools and scripts can generate these types of ICMP datagrams.

--

False Positives:
None Known

--

False Negatives:
None Known

--

Corrective Action:
This rule detects informational network information, no corrective action is necessary.

--

Contributors:
Original Rule writer unknown
Sourcefire Research Team
Matthew Watchinski (matt.watchinski@sourcefire.com)

--

Additional References:
None


--