IPS singature 2151 (large icmp packet )

Unanswered Question
Mar 13th, 2008

Hi,

If i want this signature to produce alert when recieve packet size within range 2000-3000 only, i will modify the packet size length for this range. My question is it need to make this value as 2000-3000 or there is an offsec i should keep it on my mind (24 bytes) so the value should be 1986-3204. please advice ???

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
irisrios Wed, 03/19/2008 - 09:23

There is no such thing called as offsec . Always large range [1986-3204] would help in better scanning and analyzing the network.

AdnanShahid Wed, 06/11/2008 - 20:27

Hi,

Hope fine. Can you pls tell me how can I mitigate Large_ICMP Alert in my firewall. What would be the best suited mitigation process/ work around to solve this.

Thanks

adnan

Actions

This Discussion