Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

Signature 2153

This signature tends to fire on only one echo reply being sent have seen this in many cases multiple request come in with one reply and this fires. Is this a known issue or possible bug with signature.

  • Other Security Subjects
2 REPLIES
Bronze

Re: Signature 2153

The following is the explanation for this Signature

2153 Smurf. This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.

New Member

Re: Signature 2153

I know what it is supposed to trigger on but my concern is that it triggers on one echo reply in most cases that I have seen. There may be multple request but one reply triggers it usually during icmp network sweeps.

141
Views
0
Helpful
2
Replies