Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:499 |
| Message | DELETED ICMP Large ICMP Packet |
| Summary | This event is generated when a large ICMP packet is detected. Also known as the "Ping of Death". |
| Impact | Denial of Service (DoS) by system crash or bandwidth utilisation. |
| Detailed Information | Some IP stack implementations crash or hang when they receive a large ICMP packet. Alternatively, a large number of these packets may saturate the link, especially where bandwidth is limited. This attack was prevalent a number of years ago, when the TCP/IP stacks of several operating systems could not handle large packet payloads. |
| Affected Systems | Multiple older systems. |
| Attack Scenarios | A malicious individual may send a series of large ICMP packets to a host with the intention of either crashing or hanging the host, or to saturate the available bandwidth. |
| Ease of Attack | Simple. |
| Corrective Action | |
| Additional References | ICMP Traffic - Seth Stein http://www.wfu.edu/~steinsj5/work/icmp.html |
| Rule References | arachnids: 246 |
--
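As an added illustration (not part of the Aanval or Snort documentation), the check below decodes a raw IPv4/ICMP datagram and flags the two shapes this signature is concerned with: an unfragmented ICMP packet with an oversize payload, and a fragment whose offset plus length would reassemble beyond 65535 bytes. The 800-byte data threshold, the sample addresses and the packet builder are assumptions for the example; the page itself does not state the rule's size cut-off.

```python
import struct
from typing import Optional

# Assumed threshold (not stated on the page): more than 800 bytes of ICMP data is "large".
LARGE_ICMP_DATA = 800
MAX_IP_DATAGRAM = 65535          # largest legal reassembled IPv4 datagram


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 fields the check needs; no checksum validation."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset field is in 8-byte units
        "payload": pkt[ihl:total_len],
    }


def check_large_icmp(pkt: bytes, threshold: int = LARGE_ICMP_DATA) -> Optional[str]:
    """Return an alert message for an oversize ICMP datagram, else None.
    Flags an unfragmented ICMP packet carrying more than `threshold` bytes of data,
    or any ICMP fragment that would reassemble past 65535 bytes (Ping of Death)."""
    ip = parse_ipv4(pkt)
    if ip["version"] != 4 or ip["proto"] != 1:     # 1 = ICMP
        return None
    frag_end = ip["frag_offset"] + len(ip["payload"])
    if frag_end > MAX_IP_DATAGRAM:
        return f"ICMP fragment reassembles to {frag_end} bytes (> {MAX_IP_DATAGRAM})"
    if ip["frag_offset"] == 0 and not ip["more_fragments"]:
        icmp_data = len(ip["payload"]) - 8          # data after the 8-byte ICMP header
        if icmp_data > threshold:
            return f"Large ICMP packet: {icmp_data} bytes of ICMP data (> {threshold})"
    return None                                     # fragments that fit are not reassembled here


def build_icmp_echo(data: bytes, frag_offset: int = 0, more_fragments: bool = False) -> bytes:
    """Constructed sample packet: IPv4 header + ICMP echo request + data.
    Checksums are left at zero because the checker does not verify them."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + data
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, flags_frag,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip_hdr + icmp
```

A 56-byte ping passes, a 1400-byte echo request is reported as large, and a fragment at offset 65528 is reported because it would reassemble past the datagram limit.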
DID:745583