Signature Detail
Short Name |
ICMP:EXPLOIT:NON-ZERO-DATA-LEN |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
ICMP |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
ICMP: Data Where None Expected
This protocol anomaly triggers when it detects ICMP data within an ICMP packet that should not contain data. This can indicate tunneling over ICMP.
Extended Description
An ICMP packet that contains data when it is not supposed to, is a protocol anomaly. Receiving such a packet may indicate that a nonstandard ICMP implementation is currently being used, or that some software, often malware, is transmitting data tunneling over ICMP. The impact of this anomalous situation depends on how an ICMP implementation handles such a malformed packet.
References