Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:371 |
| Message | ICMP PING Cisco Type.x |
| Summary | This event is generated when an ICMP echo request is made from a Cisco IOS 9.x system. |
| Impact | Information gathering. An ICMP echo request can determine if a host is active. |
| Detailed Information | An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a system running Cisco IOS 9.x contains a unique payload in the message request. |
| Affected Systems | All |
| Attack Scenarios | An attacker may attempt to determine live hosts in a network prior to launching an attack. |
| Ease of Attack | Simple |
| Corrective Action | Block inbound ICMP echo requests. |
| Additional References | Arachnids: http://www.whitehats.com/info/IDS153 |
| Rule References | arachnids: 153 |
--
DID:398526
--
http://www.aanval.com/