DISCARD: Unexpected Server Reply Exploit
This protocol anomaly is server-to-client data on a DISCARD flow. DISCARD only allows client-to-server communication. This may indicate data tunneling.
Extended Description
If server-to-client datagrams are detected on TCP/UDP port 9, this constitutes a protocol anomaly. This condition could indicate a network configuration error. It may also indicate that unauthorized tunneling activity is occurring. As well, denial of service attacks frequently target the Discard service, in order to flood the target with spoofed traffic without generating any reply output that could alert the spoofed network(s) to the attack.
Short Name
DISCARD:EXPLOIT:UNEXPECTED-REP
Severity
Major
Recommended
False
Recommended Action
None
Category
DISCARD
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown