Home | Security Forums | Free Tools | arachNIDS 

[ Tuesday, November 16 ]  


What's New
About Whitehats
Infosec Library
Contact Us
Terms Of Use
Privacy Policy


Intrusion Detection
. arachNIDS Center
. Submit Signatures
. Forum: General NIDS
. Forum: arachNIDS
. Forum: Signatures
. Forum: Snort IDS
. IDS Tools

Penetration Testing
. Forum: Penetration
. Forum: Nessus
. Assessment Tools

Network Defense
. Forum: DDOS Attacks
. Forum: Internet Law
. Forum: Incidents
. Defense Tools


Search arachNIDS
Search Tools
Search Forums

Whitehats Intrusion Detection Events Database: Full details for source_route_udp_lsrre
arachNIDS - The Intrusion Event Database
browse by grouping, classification, target affected

IDS420 "SOURCE_ROUTE_UDP_LSRRE

Platform(s):   unix windows device
Category:   misc
Classification:   Suspicious
  CVE CAN-1999-0510
  Bugtraq nomatch
  advICE 2000013
 

 Summary 
This event indicates that a UDP packet had Loose Source Record Route set in the IP Options. Source routing is a security risk and should be blocked by your firewall or routers. 

 How Specific 
This event is specific to a vulnerability, but may have been caused by any of several possible exploits. Packet payload is not considered in the signatures used to detect this attack.  

 Trusting The Source IP Address 
Since this event was caused by a UDP packet, the source IP address could be easily forged. It has been noted that the intruder is likely to expect or desire a response to their packets, so it may be likely that the source IP address is not spoofed.  

  Protocol details... (ip header, tcp/udp/icmp header, payload data)
  Research details... (packet captures, background, credits)
  IDS Signatures... (dynamically generated signatures for free and commercial IDS)
 
Copyright © 2001 Whitehats, Inc. All rights reserved.


explain the meaning of the fields  

© 2001 Whitehats, Inc. All rights reserved. Contact Us