Rule Category

PROTOCOL-ICMP -- Snort alerted on Internet Control Message Protocol (ICMP) traffic, which allows hosts to send error messages about interruptions in traffic. Administrators can use ICMP to perform diagnostics and troubleshooting, but the protocol can also be used by attackers to gain information on a network. This protocol is vulnerable to several attacks, and many administrators block it altogether or block selected message types.

Alert Message

PROTOCOL-ICMP Timestamp Request undefined code

Rule Explanation

This event is generated when an ICMP Timestamp request is made with an invalid or undefined ICMP Code.

Impact: Information gathering. An ICMP Timestamp request can determine if a host is active.

Details: An ICMP Timestamp request is used by the ping command to elicit an ICMP Timestamp reply from a listening live host. This rule alerts on a generic ICMP request where no payload is included in the message or the payload does not match more specific rules. If ICMP type 8 (echo) traffic is filtered at a firewall, an attacker may try to use type 13 (timestamp) as an alternative.

Ease of Attack: Simple
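
The check described above, as an added example that is not the Snort rule itself or Cisco Talos code. It assumes "undefined code" means any code other than 0, the only code RFC 792 defines for type 13; the function names are illustrative and the packet bytes are constructed samples with the IP header already stripped.

```python
import struct

ICMP_TIMESTAMP_REQUEST = 13
TIMESTAMP_LEN = 20  # RFC 792: 8-byte header + three 32-bit timestamps


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, body: bytes) -> bytes:
    """Build a constructed ICMP message with a valid checksum (test helper)."""
    header = struct.pack("!BBH", icmp_type, code, 0)
    csum = inet_checksum(header + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def classify(msg: bytes) -> str:
    """Classify one ICMP message the way a triage script might."""
    if len(msg) < 4:
        return "truncated"
    icmp_type, code = msg[0], msg[1]
    if icmp_type != ICMP_TIMESTAMP_REQUEST:
        return "other"
    if code != 0:  # assumption: every non-zero code is "undefined"
        return "timestamp-request-undefined-code"
    if len(msg) != TIMESTAMP_LEN or inet_checksum(msg) != 0:
        return "timestamp-request-malformed"
    return "timestamp-request"


# Constructed sample data: identifier, sequence, originate/receive/transmit timestamps.
_TS = struct.pack("!HHIII", 0x1234, 1, 43_200_000, 0, 0)
SAMPLES = {
    "timestamp code 0": build_icmp(13, 0, _TS),
    "timestamp code 5": build_icmp(13, 5, _TS),
    "timestamp code 0, short": build_icmp(13, 0, _TS[:4]),
    "echo request": build_icmp(8, 0, b"constructed"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:26} -> {classify(msg)}")
```

A well-formed request with code 0 is the troubleshooting traffic listed under False Positives; only the non-zero-code case corresponds to this alert.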

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

An ICMP Timestamp request may be used to legitimately troubleshoot networking problems.

Contributors

Original Rule Writer Unknown
Cisco Talos
Nigel Houghton
Judy Novak
Additional information by Steven Alexander <alexander.s@mccd.edu>

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None