| GEN:SID | 1:499 |
| Message | ICMP Large ICMP Packet |
| Summary | This event is generated when a large ICMP packet is detected, also known as the "Ping of Death". |
| Impact | Denial of Service (DoS) by system crash or bandwidth utilisation. |
| Detailed Information | Some IP stack implementations may crash or hang when a large ICMP packet is sent to them. Alternatively, a large number of these packets may saturate the link, especially where bandwidth is limited. This attack was prevalent a number of years ago, when the TCP/IP stacks of a number of operating systems could not handle large packet payloads. |
| Affected Systems | Multiple older systems. |
| Attack Scenarios | A malicious individual may send a series of large ICMP packets to a host, intending either to crash or hang the host or to saturate the available bandwidth. |
| Ease of Attack | Simple. |
| Corrective Action | |
| Additional References | ICMP Traffic - Seth Stein http://www.wfu.edu/~steinsj5/work/icmp.html |
| Rule References | arachnids: 246 |
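
The size check described under Detailed Information, as an added example that is not part of the original rule documentation or the rule's own logic. It goes slightly beyond the text by also flagging a fragment that would reassemble past the 65535-byte IPv4 limit. The 800-byte threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

ICMP_PROTO = 1
MAX_DATAGRAM = 65535   # largest legal IPv4 datagram after reassembly
LARGE_ICMP = 800       # assumed alert threshold in bytes; tune per network

def inspect_ipv4(packet: bytes, threshold: int = LARGE_ICMP) -> list:
    """Return findings for one raw IPv4 packet; an empty list means clean."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["malformed IPv4 header"]
    if proto != ICMP_PROTO:
        return []
    findings = []
    payload_len = total_len - ihl              # bytes after the IP header
    frag_offset = (flags_frag & 0x1FFF) * 8    # fragment offset in bytes
    # Lower bound on ICMP data in the full datagram (8-byte ICMP header).
    icmp_data = max(frag_offset + payload_len - 8, 0)
    if icmp_data > threshold:
        findings.append(f"large ICMP packet: at least {icmp_data} data bytes")
    # A fragment ending past 65535 bytes cannot belong to a legal datagram.
    if ihl + frag_offset + payload_len > MAX_DATAGRAM:
        findings.append("fragment would reassemble past 65535 bytes")
    return findings

def sample_packet(data_len: int, frag_offset: int = 0) -> bytes:
    """Constructed test input: IPv4 + ICMP echo, checksums left as zero."""
    icmp_hdr = b"\x08\x00\x00\x00\x00\x01\x00\x01" if frag_offset == 0 else b""
    body = icmp_hdr + b"A" * data_len
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 1,
                         frag_offset // 8, 64, ICMP_PROTO, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + body

if __name__ == "__main__":
    for label, pkt in [("normal ping", sample_packet(56)),
                       ("large ping", sample_packet(1400)),
                       ("late fragment", sample_packet(100, 65528))]:
        print(label, inspect_ipv4(pkt) or "clean")
```

Legitimate large ICMP traffic (path MTU probing, some monitoring tools) will also trip a pure size threshold, so the value should be tuned against a baseline of normal traffic.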