TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

461

462

463

464

465

466

467

468

469

470

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

469

ICMP Parameter Problem Bad Length datagram indicates that the datagram was truncated before it reached its final

destination. This could be an indication of routing problems on the network, or malfunctioning routing hardware.

Signature ID: 12240

ICMP Parameter Problem message with Missing a Required Option

Threat Level: Information

Signature Description: This rule gets hit when a router generates an ICMP Parameter Problem Required Option

Missing datagram. A router generates a Parameter Problem message for any error not specifically covered by another

ICMP message. An ICMP Parameter Problem Required Option Missing datagram indicates that the IP datagram is

invalid or contains invalid IP options. This could be an indication of routing problems on the network, or

malfunctioning routing hardware.

Signature ID: 12241

ICMP Parameter Problem message with Unspecified Error

Threat Level: Information

Signature Description: This rule gets hit when a router generates an ICMP Parameter Problem Unspecified Error

datagram. A router generates a Parameter Problem message for any error not specifically covered by another ICMP

message. This could be an indication of routing problems on the network, or malfunctioning routing hardware.

Signature ID: 12242

ICMP Parameter Problem message with undefined ICMP Code

Threat Level: Information

Signature Description: This rule gets hit when a host generates an ICMP Parameter Problem datagram with an

undefined ICMP Code. A router generates a Parameter Problem message for any error not specifically covered by

another ICMP message. An ICMP datagrams should never contain undefined ICMP Codes. This is normally an

indication of nefarious activity occurring on the network.<br>

Signature ID: 12243

ICMP Type 40 Code 0 datagrams

Threat Level: Information

Signature Description: This rule gets hit when a host generates an ICMP Bad SPI datagram. Hosts using IP Security

Protocols such as AH or ESP generate ICMP Type 40 datagrams when a failure condition occurs. ICMP Type 40 Code

0 datagrams are generated when a received datagram includes a SPI (Security Parameters Index) that is invalid or has

expired. Normally this is an indication that hosts using IP Security Protocols such as AH or ESP have been configured

incorrectly or are failing to establish a session with another host.<br>

Signature ID: 12244

ICMP Type 40 Code 1 Authentication Failed Datagram

Threat Level: Information

Signature Description: This rule gets hit when a host generates an ICMP Type 40 Code 1 Authentication Failed

datagram. Hosts using IP Security Protocols such as AH or ESP generate ICMP Type 40 datagrams when a failure

condition occurs. ICMP Type 40 Code 1 datagrams are generated when a received datagram failed the authenticity or

integrity check for a given SPI (Security Parameters Index). In some situations this may be an indication that an outer

Encapsulation Security Protocol is in use, and the Authentication Header SPI is hidden inside the encapsulation.

Signature ID: 12245

ICMP Type 40 Code 2 Decompression Failed Datagram

Threat Level: Information

Signature Description: This rule gets hit when a host generates an ICMP Type 40 Code 2 Decompression Failed