Internet Security Systems

ICMP unreachable storm

advICE : Intrusions : 2000104
Summary

Denial of service overload attempt.

Details

A large number of ICMP port-unreachable frames have been sent to a single IP address. The system and network may become unresponsive.

This often occurs when a UDP port scanner probes ports on which no service is listening: each closed port answers with an ICMP port-unreachable frame sent to the probe's source address. It may also be a denial-of-service attack in which the source IP address is spoofed. When spoofing occurs, the real source of the attack may be hard to determine.

This may also occur as the result of a system or network misconfiguration. Sometimes the system labelled as the intruder is repeatedly trying to access a service that is unavailable.

More information

advICE: spoofing
CVE-1999-0214: Denial of service by sending forged ICMP unreachable packets.

Parametric information

count    The number of ICMP port-unreachable frames seen.

Configuration for this item

unreachable.count       20    The number of ICMP frames to trigger this intrusion detection.
unreachable.interval    1     The time interval (in seconds) over which the ICMP frames are measured.
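
The threshold above, worked through as an added example (this is not Internet Security Systems' code): a sliding-window counter that flags a destination once unreachable.count port-unreachable frames arrive within unreachable.interval seconds. The names `StormDetector`, `port_unreachable_dst` and `build_icmp` are hypothetical, the packets are constructed sample input, and treating the threshold as "at least 20 frames in a sliding 1-second window" is an assumption about how the two settings combine.

```python
import socket
import struct
from collections import defaultdict, deque

UNREACHABLE_COUNT = 20       # unreachable.count value listed on this page
UNREACHABLE_INTERVAL = 1.0   # unreachable.interval value, in seconds

def port_unreachable_dst(packet):
    """Return the destination IP of an IPv4 ICMP port-unreachable, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 2 or packet[9] != 1:   # protocol 1 = ICMP
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:          # later fragment: no ICMP header
        return None
    if (packet[ihl], packet[ihl + 1]) != (3, 3):              # type 3 / code 3 = port unreachable
        return None
    return socket.inet_ntoa(packet[16:20])

class StormDetector:
    """Counts per destination only, since the source address may be spoofed."""
    def __init__(self, count=UNREACHABLE_COUNT, interval=UNREACHABLE_INTERVAL):
        self.count, self.interval = count, interval
        self.seen = defaultdict(deque)   # destination IP -> timestamps inside the window

    def observe(self, ts, packet):
        """Return (destination, frames_in_window) once the threshold is reached, else None."""
        dst = port_unreachable_dst(packet)
        if dst is None:
            return None
        window = self.seen[dst]
        window.append(ts)
        while window and ts - window[0] >= self.interval:   # drop frames older than the window
            window.popleft()
        return (dst, len(window)) if len(window) >= self.count else None

def build_icmp(src, dst, icmp_type, icmp_code):
    """Constructed sample input: minimal IPv4 + ICMP packet, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

if __name__ == "__main__":
    detector = StormDetector()
    for i in range(25):   # constructed burst: 25 frames in 0.25 s from varying sources
        hit = detector.observe(i * 0.01, build_icmp(f"198.51.100.{i + 1}", "192.0.2.10", 3, 3))
        if hit:
            print("storm towards %s: %d frames within %.0f s" % (*hit, detector.interval))
```

Because the window is keyed on the destination address alone, frames from many different (possibly forged) sources still add up to one alert, while the same destination receiving four frames per second never reaches the threshold.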

 
Version appeared:  
