Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:499 |
Message | DELETED ICMP Large ICMP Packet |
Summary | This event is generated when a large ICMP packet is detected. Also known as the "Ping of Death". |
Impact | Denial of Service (DoS) by system crash or bandwidth utilisation. |
Detailed Information | Some IP stack implementations may crash or hang when a large ICMP packet is sent to them. Alternatively, a large number of these packets may result in link saturation, especially where bandwidth is limited. This attack was prevalent a number of years ago, when the TCP/IP stacks of a number of operating systems could not handle large packet payloads. |
Affected Systems | Multiple older systems. |
Attack Scenarios | A malicious individual may send a series of large ICMP packets to a host with the intention of crashing or hanging the host, or of saturating the available bandwidth. |
Ease of Attack | Simple. |
Corrective Action | |
Additional References | ICMP Traffic - Seth Stein http://www.wfu.edu/~steinsj5/work/icmp.html |
Rule References | arachnids: 246 |
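The check this entry describes, written out as an added example (it is not Snort's or Aanval's code): it inspects a raw IPv4 packet and reports an oversized ICMP message or a fragment that would reassemble past the 65535-byte IPv4 limit. The 800-byte threshold, the function names and the sample packets are assumptions made for the illustration.

```python
import struct

ICMP_PROTO = 1
MAX_IP_DATAGRAM = 65535        # largest legal (reassembled) IPv4 datagram
LARGE_ICMP_THRESHOLD = 800     # assumed alert threshold in bytes; tune per site


def inspect_ipv4(packet: bytes, threshold: int = LARGE_ICMP_THRESHOLD) -> list:
    """Return findings for one raw IPv4 packet; an empty list means clean."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["malformed IPv4 header"]
    if proto != ICMP_PROTO:
        return []
    msg_len = total_len - ihl                 # ICMP bytes carried by this packet
    frag_offset = (flags_frag & 0x1FFF) * 8   # offset field counts 8-byte units
    findings = []
    if msg_len > threshold:
        findings.append(f"large ICMP message: {msg_len} bytes")
    # A fragment ending beyond 65535 bytes cannot belong to a valid datagram;
    # flagging it per fragment avoids depending on the receiver's reassembly.
    if ihl + frag_offset + msg_len > MAX_IP_DATAGRAM:
        findings.append("fragment would reassemble past 65535 bytes")
    return findings


def build_ipv4(proto: int, payload_len: int, frag_units: int = 0) -> bytes:
    """Constructed sample packet: 20-byte header, zero-filled payload,
    checksum left at 0, documentation addresses 192.0.2.1 -> 192.0.2.2."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                         frag_units & 0x1FFF, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)


if __name__ == "__main__":
    for label, pkt in [("normal echo", build_ipv4(1, 64)),
                       ("large echo", build_ipv4(1, 1400)),
                       ("late fragment", build_ipv4(1, 100, frag_units=8189))]:
        print(label, inspect_ipv4(pkt))
```

The per-fragment length check is the part that matters on a sensor: it fires on the offending fragment itself, before any host has to reassemble the datagram.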
--
DID:745583