PROTOCOL-ICMP -- Snort alerted on Internet Control Message Protocol (ICMP) traffic, which allows hosts to send error messages about interruptions in traffic. Administrators can use ICMP to perform diagnostics and troubleshooting, but the protocol can also be used by attackers to gain information on a network. This protocol is vulnerable to several attacks, and many administrators block it altogether, or block selective messages.
PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt
The rule is looking for malicious value in ICMPv6 router advertisement packet.
What To Look For
This rule alerts on return traffic that exploits a denial of service vulnerability Microsoft Windows
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: User Execution
For reference, see the MITRE ATT&CK vulnerability types here:
Denial of Service
Denial of Service attacks aim to make a server or program unresponsive for users. These attacks may be volume-based, to overwhelm the system, or they may use certain logical flaws in the software to cut the service off from the users. The attack may come from one or multiple sources. These attacks do not usually lead to a remote code execution. Volume based attacks are best handled using a firewall application.
CVE Additional Information