ICMP: Data Where None Expected

This protocol anomaly triggers when it detects ICMP data within an ICMP packet that should not contain data. This can indicate tunneling over ICMP.

Extended Description

An ICMP packet that contains data when it is not supposed to is a protocol anomaly. Receiving such a packet may indicate that a nonstandard ICMP implementation is in use, or that some software, often malware, is tunneling data over ICMP. The impact of this anomaly depends on how the receiving ICMP implementation handles such a malformed packet.

Short Name
ICMP:EXPLOIT:NON-ZERO-DATA-LEN
Severity
Minor
Recommended
False
Recommended Action
None
Category
ICMP
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown
