Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DISCARD:EXPLOIT:UNEXPECTED-REP

Severity

 High

Recommended

 No

Category

 DISCARD

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DISCARD: Unexpected Server Reply Exploit


This protocol anomaly is server-to-client data on a DISCARD flow. DISCARD only allows client-to-server communication. This may indicate data tunneling.

Extended Description

If server-to-client datagrams are detected on TCP/UDP port 9, this constitutes a protocol anomaly. This condition could indicate a network configuration error. It may also indicate that unauthorized tunneling activity is occurring. As well, denial of service attacks frequently target the Discard service, in order to flood the target with spoofed traffic without generating any reply output that could alert the spoofed network(s) to the attack.

References

  • URL: http://www.faqs.org/rfcs/rfc863.html
  • URL: http://www.rfc-archive.org/getrfc.php?rfc=863

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out