IPS singature 2151 (large icmp packet )

Unanswered Question
Mar 13th, 2008
User Badges:


If i want this signature to produce alert when recieve packet size within range 2000-3000 only, i will modify the packet size length for this range. My question is it need to make this value as 2000-3000 or there is an offsec i should keep it on my mind (24 bytes) so the value should be 1986-3204. please advice ???


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Wed, 03/19/2008 - 09:23
User Badges:
  • Silver, 250 points or more

There is no such thing called as offsec . Always large range [1986-3204] would help in better scanning and analyzing the network.

AdnanShahid Wed, 06/11/2008 - 20:27
User Badges:


Hope fine. Can you pls tell me how can I mitigate Large_ICMP Alert in my firewall. What would be the best suited mitigation process/ work around to solve this.




This Discussion