PROTOCOL-ICMP -- Snort alerted on Internet Control Message Protocol (ICMP) traffic, which allows hosts to send error messages about interruptions in traffic. Administrators can use ICMP for diagnostics and troubleshooting, but attackers can also use the protocol to gather information about a network. The protocol is vulnerable to several attacks, and many administrators block it altogether or block selected messages.
PROTOCOL-ICMP PING Cisco Type.x
This event is generated when an ICMP echo request is made from a Cisco IOS 9.x system.
Impact: Information gathering. An ICMP echo request can determine if a host is active.
Details: An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a system running Cisco IOS 9.x contains a unique payload in the message request.
Ease of Attack: Simple
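The check described in the Details, as an added example (not Snort's rule and not code from this page): it accepts only well-formed ICMP echo requests (type 8) and then looks for a marker in the payload. `PLACEHOLDER_SIGNATURE` and every function name are assumptions; the page does not list the actual Cisco IOS 9.x payload bytes, and all sample packets are constructed.

```python
import struct

ICMP_ECHO_REQUEST = 8
# Placeholder marker constructed for this example; the page does not list the
# real Cisco IOS 9.x payload bytes. Substitute them from the rule in use.
PLACEHOLDER_SIGNATURE = b"\xde\xad" * 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo-style message to use as sample input."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    csum = inet_checksum(unsummed)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def classify(icmp: bytes, signature: bytes = PLACEHOLDER_SIGNATURE) -> str:
    """Return 'malformed', 'ignored', 'echo-request' or 'signature-match'."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return "malformed"
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return "ignored"  # replies and error messages are out of scope
    # Payload follows the 8-byte header: type, code, checksum, id, sequence.
    return "signature-match" if signature in icmp[8:] else "echo-request"


# Constructed samples: marked ping, ordinary ping, marked reply, corrupted ping.
MARKED = build_icmp(8, 0x1234, 1, PLACEHOLDER_SIGNATURE * 2)
ORDINARY = build_icmp(8, 0x1234, 2, bytes(range(0x10, 0x30)))
REPLY = build_icmp(0, 0x1234, 1, PLACEHOLDER_SIGNATURE * 2)
CORRUPT = MARKED[:-1] + bytes([MARKED[-1] ^ 0xFF])

if __name__ == "__main__":
    for name, pkt in [("marked", MARKED), ("ordinary", ORDINARY),
                      ("reply", REPLY), ("corrupt", CORRUPT)]:
        print(f"{name:9s} {classify(pkt)}")
```

An ordinary ping is classified as `echo-request` rather than a match, which is how a payload-specific rule avoids alerting on every echo request during routine troubleshooting.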
No information provided
No public information
Known false positives, with the described conditions
An ICMP echo request may be used legitimately to troubleshoot networking problems.
Original rule written by Max Vision <vision@whitehats.org>
Documented by Steven Alexander <alexander.s@mccd.edu>
Cisco Talos
Judy Novak