Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:475 |
Message | ICMP traceroute ipopts |
Summary | This event is generated when a network host generates an ICMP datagram with Record Route IP options. |
Impact | Packets containing IP Record Route options are used to emulate the functionality of traceroute. |
Detailed Information | The Record Route IP option is used to store routing information about the path a datagram takes to its destination. ICMP ECHO packets with an IP header utilizing the Record Route option are used to emulate the functionality of traceroute. |
Affected Systems | |
Attack Scenarios | A remote attacker may attempt to use the Record Route IP option to determine routing information if traceroute fails. |
Ease of Attack | Numerous tools and scripts can generate this type of datagram. |
Corrective Action | Use ingress filtering to block incoming datagrams with the IP Record Route option. |
Additional References | http://www.whitehats.com/info/IDS238 |
Rule References | arachnids: 238 |
--
DID:554443
--
http://www.aanval.com/