Description


This indicates detection of an Internet Control Message Protocol (ICMP) address mask request (AMR).



According to RFC 792, upon receiving an AMR, a host should return it with identification information for the subnet on which the request was received. A remote attacker may use this method to determine whether a host is alive in preparation for further attacks.
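The detection described above, as an added example that is not part of the original page or the vendor's signature logic: it parses a raw IPv4 datagram and flags ICMP type 17 (address mask request) and type 18 (address mask reply). The function names and the sample packets built from documentation-range addresses are assumptions made for the example.

```python
import socket
import struct

AMR_TYPES = {17: "request", 18: "reply"}  # ICMP address mask request / reply


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify_amr(packet: bytes):
    """Return (kind, src, dst) for an address mask message, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None  # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or packet[9] != 1 or frag & 0x1FFF:
        return None  # bad header, not ICMP, or a non-first fragment
    icmp = packet[ihl:min(total_len, len(packet))]
    if len(icmp) < 12 or icmp[1] != 0 or checksum(icmp) != 0:
        return None  # truncated, unexpected code, or corrupt ICMP message
    kind = AMR_TYPES.get(icmp[0])
    if kind is None:
        return None  # some other ICMP type, e.g. echo request
    return kind, socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def build_sample(icmp_type: int, src: str, dst: str) -> bytes:
    """Constructed test datagram (not captured traffic); IP checksum left 0."""
    body = struct.pack("!BBHHHI", icmp_type, 0, 0, 0x1234, 1, 0)
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + body


if __name__ == "__main__":
    for t in (17, 18, 8):  # 8 = echo request, which must not match
        print(t, classify_amr(build_sample(t, "192.0.2.10", "198.51.100.7")))
```

A reply (type 18) leaving a host is the evidence that the host still answers these requests and needs the recommended action applied.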

Affected Products

Any unprotected system that responds to ICMP address mask requests is vulnerable.

Impact

An attacker can gather information about live hosts in a network prior to launching an attack.

Recommended Actions

Disable responses to ICMP address mask requests.

Coverage

IPS (Regular DB)
IPS (Extended DB)
