Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:420 |
Message | ICMP Mobile Host Redirect undefined code |
Summary | This event is generated when a network host generates an ICMP Mobile Host Redirect datagram with an undefined ICMP code. |
Impact | Undefined ICMP Code values should never be seen on the network. This could be an indication of nefarious activity on the network. |
Detailed Information | The Transparent Internet Routing for IP Mobile Hosts IETF draft defines ICMP Type 32 Code 0 as an ICMP Mobile Host Redirect Message. This message was intended to be used by mobile computers to inform base-stations of their location on the network as they move from base-station to base-station. In normal situations the ICMP Code should be set to 0, values other than 0 are undefined and should never be used. This IETF draft was never ratified, and no hardware is known to exist that generates this type of ICMP datagram |
Affected Systems | |
Attack Scenarios | None known |
Ease of Attack | Numerous tools and scripts can generate this type of ICMP datagram. |
Corrective Action | ICMP Type 32 datagrams are not normal network activity. Hosts generating these types of datagrams should be investigated for nefarious activity |
Additional References | None |
--
DID:328348
--
http://www.aanval.com/