Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2159 |
| Message | MISC BGP invalid type 0 |
| Summary | This event is generated when an invalid BGP type is detected. |
| Impact | Unknown. |
| Detailed Information | This event indicates that a Border Gateway Protocol (BGP) packet with an invalid type has been detected. BGP packets must have a type of 1 or more; the detected packet had a type of 0. This may be related to another issue regarding invalid BGP data sizes; see sid 2158 for further information. Note: if sid 2158 has been disabled, this event will be generated if the type of problem described in the documentation for sid 2158 is detected. |
| Affected Systems | This BGP packet may cause problems with TCPDump. |
| Attack Scenarios | An attacker would need to craft a special BGP packet with a type of 0 or a datasize of less than 20 bytes. |
| Ease of Attack | Simple. |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | |
| Rule References | bugtraq: 6213, cve: 2002-1350, nessus: 14011, nessus: 15043 |
--
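The check this event describes, as an added example that is not part of the original rule documentation and is not Snort's own rule logic: it walks the BGP messages in a TCP payload and reports any message whose type field is 0. It assumes the RFC 4271 header layout (16-byte all-ones marker, 2-byte length, 1-byte type) and RFC 4271's 19 to 4096 byte length bounds; the function names and sample payloads are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16          # RFC 4271: marker field, all ones
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
MAX_LEN = 4096                 # RFC 4271 upper bound on message length


def scan_bgp_stream(payload: bytes):
    """Walk BGP messages in a TCP payload; return a list of (offset, finding)."""
    findings = []
    offset = 0
    while offset < len(payload):
        header = payload[offset:offset + HEADER_LEN]
        if len(header) < HEADER_LEN:
            findings.append((offset, "truncated-header"))
            break
        if header[:16] != MARKER:
            findings.append((offset, "bad-marker"))
            break
        length, msg_type = struct.unpack("!HB", header[16:19])
        if msg_type == 0:              # the condition this event reports
            findings.append((offset, "invalid-type-0"))
        if not HEADER_LEN <= length <= MAX_LEN:
            findings.append((offset, f"bad-length-{length}"))
            break                      # length cannot be trusted to find the next message
        offset += length
    return findings


def build(msg_type: int, body: bytes = b"", length=None) -> bytes:
    """Build a constructed BGP message for the samples below (hypothetical helper)."""
    total = HEADER_LEN + len(body) if length is None else length
    return MARKER + struct.pack("!HB", total, msg_type) + body


# Constructed sample payloads (not captured traffic).
KEEPALIVE = build(4)
TYPE_ZERO = build(0)
SAMPLES = {
    "keepalive only": KEEPALIVE,
    "keepalive then type 0": KEEPALIVE + TYPE_ZERO,
    "type 0 with short length": build(0, length=5),
    "cut off mid-header": KEEPALIVE + MARKER[:10],
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {scan_bgp_stream(data) or 'clean'}")
```

Advancing by the length field means a type 0 message that follows valid messages in the same segment is still found, and an out-of-range length stops the walk instead of misreading later bytes as headers.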