TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
463
Signature ID: 12206
ICMP Datagram Conversion Error
Threat Level: Information
Signature Description: This event is generated when an ICMP Datagram Conversion Error message is found in the
network traffic. ICMP Datagram Conversion Error messages were used by network layer converters to sent back
information regarding invalid datagram conversions between IPv4 and IPv6. Network tools can be used to craft these
packets and insert into the network. The generation of this log is for information purpose only.
Signature ID: 12207
ICMP Datagram Conversion Error undefined code
Threat Level: Information
Signature Description: This event is generated when an ICMP Datagram Conversion Error message with a undefined
code is found in the network traffic. ICMP Datagram Conversion Error messages were used by network layer
converters to sent back information regarding invalid datagram conversions between IPv4 and IPv6. Only ICMP Codes
0 through 11 have been defined for this message and usages of ICMP Codes other than these values are invalid.
Sending a ICMP message with undefined ICMP Code values should be considered as a nefarious activity on the
network.
Signature ID: 12208
ICMP Destination Unreachable Destination Host Unknown
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Destination Network Unknown
message is found in the network traffic. This message generated only when a router can determine (from link layer
advice) that the destination host does not exist. Excessive generation of this event may be an indication of improperly
configured hosts.
Signature ID: 12209
ICMP Destination Unreachable Destination Network Unknown
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Destination Network Unknown
message is found in the network traffic. This message should be generated by a router only if it is sure that the
destination network does not exist. Routers normally generate Network Unreachable (code = 0) message, if it do not
have a route to that network, and usage of Network Unknown (code= 6) message is uncommon.
Signature ID: 12210
ICMP Destination Unreachable Fragmentation Needed and DF bit was set
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Fragmentation Needed and DF
Set message is found in the network traffic. This message is generated if a router needs to fragment a datagram but
cannot since the DF flag is set. Excessive generation of this event may be an indication of improperly configured hosts.
Signature ID: 12211
ICMP Destination Unreachable Host Precedence Violation
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Host Precedence Violation
message is found in the network traffic. This message is sent by the first hop router to a host to indicate that a requested
precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol,