Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
2
Replies

IPS singature 2151 (large icmp packet )

abdullah-asi
Level 1
Level 1

‎03-13-2008 03:34 AM

Hi,

If i want this signature to produce alert when recieve packet size within range 2000-3000 only, i will modify the packet size length for this range. My question is it need to make this value as 2000-3000 or there is an offsec i should keep it on my mind (24 bytes) so the value should be 1986-3204. please advice ???

Thanks

Labels:
0 Helpful
2 Replies 2

irisrios
Level 6
Level 6

‎03-19-2008 09:23 AM

There is no such thing called as offsec . Always large range [1986-3204] would help in better scanning and analyzing the network.

0 Helpful

AdnanShahid
Level 1
Level 1
In response to irisrios

‎06-11-2008 08:27 PM

Hi,

Hope fine. Can you pls tell me how can I mitigate Large_ICMP Alert in my firewall. What would be the best suited mitigation process/ work around to solve this.

Thanks

adnan

0 Helpful
Customers Also Viewed These Support Documents