Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:525 |
Message | BAD-TRAFFIC udp port 0 traffic |
Summary | This event is generated when UDP traffic to port 0 is detected. This should not be seen in normal UDP communications. |
Impact | Denial of Service against Check Point FireWall-1 devices. Possible reconnaissance. This may be an attempt to verify the existence of a host or hosts at a particular address or address range. |
Detailed Information | UDP traffic to port 0 is not valid under normal circumstances. Certain versions of Check Point FireWall-1 are subject to a Denial of Service attack when UDP packets to port 0 are sent via VPN-1. Such traffic may also be an indicator of unauthorized network use, reconnaissance activity or system compromise. These rules may also generate an event due to improperly configured network devices. |
Affected Systems | Any |
Attack Scenarios | The attacker could send packets to a host with a destination port of 0. The attacker might also be using hping to verify the existence of a host as a prelude to an attack. |
Ease of Attack | Simple |
Corrective Action | Disallow UDP traffic to port 0. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0675 |
Rule References | bugtraq: 576 cve: 1999-0675 nessus: 10074 |
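Added example (not part of the Snort rule or the Aanval record): a Python sketch of the check this event describes, applied to raw IPv4 packets, covering IP options and non-first fragments, which carry no UDP header. The function names and the sample packets are constructed for illustration.

```python
import struct

UDP = 17  # IPv4 protocol number for UDP

def udp_dst_port(packet: bytes):
    """Return the UDP destination port of a raw IPv4 packet, or None when the
    packet is not IPv4/UDP, is truncated, or is a non-first fragment."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes, options included
    if ihl < 20 or packet[9] != UDP:
        return None
    frag = struct.unpack("!H", packet[6:8])[0]
    if frag & 0x1FFF:                      # offset > 0: payload is not a UDP header
        return None
    if len(packet) < ihl + 8:              # truncated UDP header
        return None
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def is_udp_port0(packet: bytes) -> bool:
    """True when the packet is UDP addressed to destination port 0."""
    return udp_dst_port(packet) == 0

def build_packet(dport, options=b"", frag_offset=0, proto=UDP):
    """Constructed sample packet (documentation addresses, checksums left zero)."""
    payload = b"test"
    l4 = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     20 + len(options) + len(l4), 1, frag_offset, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + options + l4

if __name__ == "__main__":
    samples = {
        "udp to port 0": build_packet(0),
        "udp to port 53": build_packet(53),
        "udp to port 0 with IP options": build_packet(0, options=b"\x01" * 4),
        "non-first fragment": build_packet(0, frag_offset=185),
        "non-UDP protocol": build_packet(0, proto=6),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'ALERT' if is_udp_port0(pkt) else 'ok'}")
```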
--
DID:305975