Rule Document 1:402

Report a false positive

Rule Category

PROTOCOL-ICMP -- Snort alerted on Internet Control Message Protocol (ICMP) traffic, which allows hosts to send error messages about interruptions in traffic. Administrators can use ICMP to perform diagnostics and troubleshooting, but the protocol can also be used by attackers to gain information on a network. This protocol is vulnerable to several attacks, and many administrators block it altogether, or block selective messages.

Alert Message

PROTOCOL-ICMP destination unreachable port unreachable packet detected

Rule Explanation

(tcp) DOS NAPTHA vulnerability detected.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Reconnaissance::Active Scanning

Vulnerability::Severity::Medium

CVE

CVE-2004-0790 CVE-2005-0068

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2004-0790
 Loading description
CVE-2005-0068
 Loading description