PROTOCOL-ICMP -- Snort alerted on Internet Control Message Protocol (ICMP) traffic, which allows hosts to send error messages about interruptions in traffic. Administrators can use ICMP to perform diagnostics and troubleshooting, but the protocol can also be used by attackers to gain information on a network. This protocol is vulnerable to several attacks, and many administrators block it altogether, or block selective messages.
PROTOCOL-ICMP PING Oracle Solaris
This event is generated when an ICMP echo request is made from a Solaris host running SING software. Impact: Information gathering. An ICMP echo request can determine if a host is active. Details: An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a Solaris host running SING software contains a unique payload in the message request. Ease of Attack: Simple
No information provided
No public information
Known false positives, with the described conditions
An ICMP echo request may be used to legimately troubleshoot networking problems.
Original rule written by Max Vision <vision@whitehats.org> Documented by Steven Alexander<alexander.s@mccd.edu> Cisco Talos Judy Novak
No rule groups
None
No information provided
None
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
