| GEN:SID | 1:475 |
| Message | ICMP traceroute ipopts |
| Summary | This event is generated when a network host generates an ICMP datagram with Record Route IP options. |
| Impact | Packets containing IP Record Route options are used to emulate the functionality of traceroute. |
| Detailed Information | The Record Route IP option is used to store routing information about the path a datagram takes to its destination. ICMP ECHO packets with an IP header utilizing the Record Route option are used to emulate the functionality of traceroute. |
| Affected Systems | |
| Attack Scenarios | A remote attacker may attempt to use the Record Route IP option to determine routing information if traceroute fails. |
| Ease of Attack | Numerous tools and scripts can generate this type of datagram. |
| Corrective Action | Use ingress filtering to block incoming datagrams with the IP Record Route option. |
| Additional References | http://www.whitehats.com/info/IDS238 |
| Rule References | arachnids: 238 |
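
The check described under Detailed Information, written out as an added example (it is not the Snort rule itself or code from the Snort project): walk the IPv4 options of a raw datagram and report the hops stored in a Record Route option when the payload is ICMP. The function names, the sample packet and its documentation-range addresses are constructed for illustration.

```python
import socket
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7  # IPv4 option types (RFC 791)
IPPROTO_ICMP = 1

def record_route_hops(packet):
    """Return the recorded hops if packet is ICMP carrying Record Route, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl or packet[9] != IPPROTO_ICMP:
        return None
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:                 # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                             # malformed option, stop parsing
        if kind == IPOPT_RR and length >= 3:
            pointer = opts[i + 2]             # 1-based offset of next free slot (4 = empty)
            data = opts[i + 3 : i + min(pointer - 1, length)]
            return [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data) - 3, 4)]
        i += length
    return None

def build_sample(proto, options=b""):
    """Constructed IPv4 datagram (checksum left at 0); options must be a multiple of 4 bytes."""
    icmp = b"\x08\x00\xf7\xff\x00\x00\x00\x00"  # ICMP echo request, id 0, seq 0
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | (20 + len(options)) // 4, 0,
                      20 + len(options) + len(icmp), 0, 0, 64, proto, 0,
                      socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return hdr + options + icmp

# Constructed RR option: 3 slots, one hop already recorded, one EOL byte of padding.
SAMPLE_RR = bytes([IPOPT_RR, 15, 8]) + socket.inet_aton("203.0.113.1") + bytes(8) + b"\x00"

if __name__ == "__main__":
    print(record_route_hops(build_sample(IPPROTO_ICMP, SAMPLE_RR)))
```

An empty list means the option is present but no router has written to it yet, which still matches the event; `None` means the datagram is not ICMP or carries no Record Route option.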