Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
2
Replies

Signature 2153

n-timm
Level 1
Level 1

‎01-18-2003 04:30 PM - edited ‎03-09-2019 01:44 AM

This signature tends to fire on only one echo reply being sent have seen this in many cases multiple request come in with one reply and this fires. Is this a known issue or possible bug with signature.

Labels:
0 Helpful
2 Replies 2

ssoberlik
Level 4
Level 4

‎01-23-2003 08:37 AM

The following is the explanation for this Signature

2153 Smurf. This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.

0 Helpful

n-timm
Level 1
Level 1
In response to ssoberlik

‎01-24-2003 07:39 AM

I know what it is supposed to trigger on but my concern is that it triggers on one echo reply in most cases that I have seen. There may be multple request but one reply triggers it usually during icmp network sweeps.

0 Helpful
Customers Also Viewed These Support Documents