| GEN:SID | 1:466 |
| Message | ICMP L3retriever Ping |
| Summary | This event is generated when an ICMP echo request is made from a host running the L3 "Retriever 1.5" security scanner.
|
| Impact | Information gathering. An ICMP echo request can determine if a host is active.
|
| Detailed Information | An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a host running the L3 "Retriever 1.5" security scanner contains a unique payload in the message request.
|
| Affected Systems | All
|
| Attack Scenarios | An attacker may attempt to determine live hosts in a network prior to launching an attack.
|
| Ease of Attack | Simple
|
| Corrective Action | Block inbound ICMP echo requests.
|
| Additional References | http://www.whitehats.com/info/IDS311
|
| Rule References | arachnids: 311
|