This signature tends to fire on only one echo reply being sent. I have seen this in many cases: multiple requests come in with one reply, and this fires. Is this a known issue or a possible bug with the signature?
The following is the explanation for this signature:
2153 Smurf. This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
I know what it is supposed to trigger on, but my concern is that it triggers on one echo reply in most cases that I have seen. There may be multiple requests, but one reply triggers it, usually during ICMP network sweeps.
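The difference between the single reply to a sweep and the reply flood the signature description refers to, shown as an added example that is not part of the original posts and is not Cisco's signature logic. The threshold, time window, solicited-reply tracking and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def detect_reply_floods(packets, threshold=50, window=1.0, solicit_ttl=5.0):
    """Return {destination: alert_time} for hosts that receive at least
    `threshold` unsolicited echo replies within `window` seconds.
    packets: time-ordered (ts, src, dst, icmp_type) tuples.
    threshold/window/solicit_ttl are assumed values, not signature 2153's."""
    pending = {}                  # (requester, target) -> time of echo request
    recent = defaultdict(deque)   # destination -> unsolicited reply timestamps
    alerts = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst)] = ts
        elif icmp_type == ECHO_REPLY:
            asked = pending.get((dst, src))
            if asked is not None and ts - asked <= solicit_ttl:
                continue          # reply answers a request seen earlier (e.g. a sweep)
            q = recent[dst]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop replies that fell out of the window
            if len(q) >= threshold:
                alerts.setdefault(dst, ts)
    return alerts

def sample_traffic():
    """Constructed sample: an ICMP sweep with one reply, then a reply flood."""
    pkts = []
    # Sweep: 198.51.100.7 pings 192.0.2.1-20, only 192.0.2.5 answers.
    for i in range(1, 21):
        pkts.append((i * 0.01, "198.51.100.7", f"192.0.2.{i}", ECHO_REQUEST))
    pkts.append((0.30, "192.0.2.5", "198.51.100.7", ECHO_REPLY))
    # Flood: one request to the broadcast address with 203.0.113.9 as source,
    # then 60 hosts reply to 203.0.113.9.
    pkts.append((10.0, "203.0.113.9", "192.0.2.255", ECHO_REQUEST))
    for i in range(1, 61):
        pkts.append((10.0 + i * 0.005, f"192.0.2.{i}", "203.0.113.9", ECHO_REPLY))
    return pkts

if __name__ == "__main__":
    print(detect_reply_floods(sample_traffic()))
```

With these assumed settings only the flood destination is reported. A lone reply is reported only when the threshold is lowered to 1 and no matching request was seen.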