Rule:

--

Sid:
399

--

Summary:
This event is generated when An ICMP Host Unreachable datagram is detected on the network.  

--

Impact:
Routers will generate this message when the route to the destination host on a directly connected network is not available.  This occurs when no ARP response is received from the destination network.

--

Detailed Information: 
This rule generates informational events about the network.  Large numbers of these messages on the network could indication routing problems, faulty routing devices, or improperly configured hosts.

--

Attack Scenarios:
None Known

--

Ease of Attack:
Numerous tools and scripts can generate these types of ICMP datagrams.

--

False Positives:
None Known

--

False Negatives:
None Known

--

Corrective Action:
This rule detects informational network information, no corrective action is necessary.

--

Contributors:
Original Rule writer unknown
Sourcefire Research Team
Matthew Watchinski (matt.watchinski@sourcefire.com)

--

Additional References:
None


--
