Internet Security Systems

Corrupt IP options

advICE : Intrusions : 2000108
Summary

An attempt has been made to crash the system or bypass security checks by using carefully crafted IP options.

Details

The "IP options" field is rarely used in Internet communication, so the code that handles it is poorly exercised and many TCP/IP stack implementations contain bugs there. This detection indicates corrupted sub-fields within the IP options field, crafted either to crash the system (denial of service) or to subvert security checks.
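
The kind of sub-field check described above, as an added example (not ISS code and not part of the original advisory): a validator that walks the options area of an IPv4 header using the RFC 791 layout and reports the first corrupt length or pointer. The function names and the sample headers produced by build_header are constructed for illustration; the header checksum is left at zero and is not verified.

```python
import struct

EOL, NOP, RR, TS, LSRR, SSRR = 0, 1, 7, 68, 131, 137  # option types, RFC 791

def find_bad_ip_option(header):
    """Return a description of the first corrupt option, or None if all are sane."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "not a complete IPv4 header"
    hlen = (header[0] & 0x0F) * 4              # IHL counts 32-bit words
    if hlen < 20 or hlen > len(header):
        return f"bad header length {hlen}"
    opts, i = header[20:hlen], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                        # end of option list
            break
        if kind == NOP:                        # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            return f"option {kind} at {i}: length byte missing"
        length = opts[i + 1]
        # A length below 2 never advances a naive parser and a larger one can
        # run past the header, so stop at the first inconsistent value.
        if length < 2 or i + length > len(opts):
            return f"option {kind} at {i}: bad length {length}"
        if kind in (RR, LSRR, SSRR, TS):       # options that carry a pointer
            min_len, min_ptr = (4, 5) if kind == TS else (3, 4)
            if length < min_len:
                return f"option {kind} at {i}: too short for its pointer"
            if opts[i + 2] < min_ptr:
                return f"option {kind} at {i}: bad pointer {opts[i + 2]}"
        i += length
    return None

def build_header(options=b""):
    """Constructed test input: an IPv4 header carrying the given option bytes."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0,
                        64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options
```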

Defense

If the system is indeed crashing or becoming unreachable from the network, then patch/upgrade the system.

More information

BugtraqID: 736   Axent Raptor DoS
Raptor v6.0 can be crashed with specially malformed IP options.

BugtraqID: 556   Gauntlet Firewall DoS
Sending corrupt options within an encapsulated IP packet will cause the Network Associates Gauntlet v5.0 firewall to crash.

BugtraqID: 302   Linux IP Options DoS
Systems based on versions 2.2 and 2.3 of the Linux kernel, such as RedHat 6.0 and S.u.S.E 6.1, are vulnerable.

CVE-1999-0683   Denial of service in Gauntlet Firewall via a malformed ICMP packet.
 

Configuration for this item

Parameter                Default   Description
icmp.badparam.count      5         The number of ICMP bad parameter packets to trigger this detection.
icmp.badparam.interval   30        The time interval (in seconds) over which the packets are measured.

 
Version appeared: 1.9 
