IP: ESP Runt
This signature detects ESP packets that are too short to contain a valid payload. ESP is a tunneling protocol and therefore should contain payload data. Sending an empty ESP packet is anomalous and therefore suspect. An attacker could be probing your IPSEC gateways for vulnerabilities. If you do not use IPSEC, this signature is not recommended.
Short Name
IP:ESP-RUNT
Severity
Info
Recommended
False
Recommended Action
None
Category
IP
Keywords
ESP Runt
Release Date
07/12/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3769
Port
ip/50
False Positive
Occasionally