TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

461

462

463

464

465

466

467

468

469

470

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

465

Signature ID: 12217

ICMP Destination Unreachable Precedence Cutoff in effect

Threat Level: Information

Signature Description: This event is generated when an ICMP Destination Unreachable Precedence Cutoff in effect

message is found in the network traffic. This rule generates informational events about the network. The network

operators have imposed a minimum level of precedence required for operation, the datagram was sent with precedence

below this level. One or two such message is normal, but excessive generation of this event may be an indication of

improperly configured hosts/routing equipment.

Signature ID: 12218

ICMP Destination Unreachable Protocol Unreachable

Threat Level: Information

Signature Description: This event is generated when an ICMP Destination Unreachable Protocol Unreachable is found

in the network traffic. This rule generates informational events about the network. Multiple TCP/IP and ICMP

implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error

messages. Large numbers of these messages on the network could be an indication of an attacker running scaner tool

against a target system on the network.

Signature ID: 12219

ICMP Destination Unreachable Source Host Isolated

Threat Level: Information

Signature Description: This event is generated when an ICMP Destination Unreachable Source Host Isolated is found

in the network traffic. This rule generates informational events about the network. Large numbers of these messages on

the network could be an indication of routing problems, of faulty routing devices, or improperly configured hosts.

Signature ID: 12220

ICMP Destination Unreachable Source Route Failed

Threat Level: Information

Signature Description: This event is generated when an ICMP Destination Unreachable Source Route Failed is found

in the network traffic. This rule generates informational events about the network. Large numbers of these messages on

the network could indication routing problems, faulty routing devices, or improperly configured hosts.

Signature ID: 12222

ICMP Echo Reply undefined code

Threat Level: Information

Signature Description: This event is generated when an ICMP Echo Reply message with an undefined ICMP code is

found in the network traffic. An ICMP Echo Reply message is sent in response to an ICMP Echo Request message and

in this message the code value has to be set to zero. If the ICMP Echo Reply message reaches the requesting host it

indicates that the replying host is alive. Remote attackers my generate ICMP Echo Reply datagram with invalid ICMP

Codes in an attempt to cause faults in the applications or hosts generating ICMP Echo Requests.<br>Sending a ICMP

message with undefined ICMP Code values should be considered as a nefarious activity on the network.

Signature ID: 12223

ICMP Fragment Reassembly Time Exceeded

Threat Level: Information

Signature Description: This event is generated when an ICMP Fragment Reassembly Time Exceeded message is found

in the network traffic. This message is sent out by a host when it receives a fragmented datagram, with some fragments

missing, if those missing parts are not received within an operating system specific value of time. One or two such