Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2158 |
Message | MISC BGP invalid length |
Summary | This event is generated when an invalid BGP session is detected. |
Impact | Unknown. |
Detailed Information | This event indicates that an invalid Border Gateway Protocol (BGP) packet has been detected. BGP packets must have a datasize of at least 20 bytes. This event indicates that a BGP packet was detected with a datasize less than this amount. TCPDump may enter an endless loop trying to process this packet. |
Affected Systems | This BGP packet may cause problems with TCPDump. |
Attack Scenarios | An attacker would need to craft a special BGP packet with a type of 0 or a datasize of less than 20 bytes. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software |
Additional References | |
Rule References | bugtraq: 6213 cve: 2002-1350 nessus: 14011 nessus: 15043 url: sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575 |
--
DID:587688
--
http://www.aanval.com/