TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
and source/destination port. Excessive generation of this event may be an indication of improperly configured
hosts/routing equipment or a routing problem.
Signature ID: 12212
ICMP Destination Unreachable Host Unreachable
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Host Unreachable message is
found in the network traffic. A router generates this message when the destination system is on the same network
as the router but is not reachable, possibly because the system is unavailable or is not responding to ARP requests.
Excessive generation of this event may indicate improperly configured hosts/routing equipment, or an attacker
performing a reconnaissance check on the network.
Signature ID: 12213
ICMP Destination Unreachable Host Unreachable for Type of Service
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Host Unreachable message is
found in the network traffic. This message is generated if a router cannot forward a packet because its route(s) to the
destination do not match either the TOS requested in the datagram or the default TOS (0). Excessive generation of this
event may be an indication of improperly configured hosts/routing equipment.
Signature ID: 12214
ICMP Destination Unreachable Network Unreachable
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Host Unreachable message is
found in the network traffic. This message is generated by a router if a forwarding path (route) to the destination
network is not available. Excessive generation of this event may be an indication of improperly configured
hosts/routing equipment or a routing problem.
Signature ID: 12215
ICMP Destination Unreachable Network Unreachable for Type of Service
Threat Level: Information
Signature Description: This event is generated when an ICMP Destination Unreachable Network Unreachable for Type
of Service message is found in the network traffic. This message is generated when the route to the destination
network does not support the Type of Service requested in the datagram. One or two such messages can be treated as
normal behavior, but excessive generation of this event may be an indication of improperly configured hosts/routing
equipment.
Signature ID: 12216
ICMP Destination Unreachable Port Unreachable Error
Threat Level: Information
Signature Description: ICMP is the protocol used by IP to report errors in delivering a packet to its
destination. ICMP Type 3 reports that a packet was not delivered, i.e. the connection was not established. There can
be many reasons for this, and ICMP code 3 (Port Unreachable) is one of them. This error message is generated
whenever an attempt is made to connect to a closed port. Many such logs in a short period of time indicate a
possible port scan attempt.
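
The "many logs in a short period" condition for Signature ID 12216 can be checked offline against captured ICMP messages. The following is an added example, not code from this guide or from the TMS zl module: it parses the original datagram quoted inside each Type 3 message and flags a source that drew Port Unreachable replies for many distinct ports inside a sliding window. The function names, the window and port thresholds, and the sample addresses are assumptions.

```python
import socket
import struct
from collections import defaultdict, deque

def parse_unreachable(icmp: bytes):
    """Return (code, orig_src, orig_dst, orig_dport) for an ICMP Type 3 message, else None."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3:
        return None
    code, inner = icmp[1], icmp[8:]      # quoted original IPv4 header starts after 8 ICMP bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    # Destination port is only meaningful when the quoted datagram was TCP (6) or UDP (17).
    dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0] if inner[9] in (6, 17) else None
    return code, src, dst, dport

def port_scan_suspects(events, window=10.0, min_ports=5):
    """events: time-ordered (timestamp, icmp_bytes). Flags (prober, target) pairs that drew
    Port Unreachable (code 3) replies for >= min_ports distinct ports within `window` seconds.
    Both thresholds are assumed values for illustration."""
    recent, suspects = defaultdict(deque), set()
    for ts, raw in events:
        parsed = parse_unreachable(raw)
        if not parsed or parsed[0] != 3 or parsed[3] is None:
            continue
        _, src, dst, dport = parsed
        q = recent[(src, dst)]
        q.append((ts, dport))
        while ts - q[0][0] > window:     # drop replies older than the window
            q.popleft()
        if len({port for _, port in q}) >= min_ports:
            suspects.add((src, dst))
    return suspects

def build_sample(code, src, dst, dport):
    """Constructed message: ICMP header + minimal IPv4 header + UDP header (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

# Constructed sample traffic (documentation address ranges).
SAMPLE_EVENTS = (
    [(0.5 * i, build_sample(3, "192.0.2.10", "198.51.100.5", 1000 + i)) for i in range(6)]
    + [(4.0, build_sample(1, "192.0.2.10", "198.51.100.9", 53))]    # Host Unreachable, ignored
    + [(5.0, build_sample(3, "192.0.2.20", "198.51.100.5", 161)),
       (65.0, build_sample(3, "192.0.2.20", "198.51.100.5", 162))]  # too sparse to flag
)
```

The source address of the quoted datagram is the host that sent traffic to the closed ports, so it is the address to investigate, not the sender of the ICMP error.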