Rule: -- Sid: 396 -- Summary: This event is generated when an ICMP Destination Unreachable Fragmentation Needed datagram is detected on the network. Gateway devices normally generate these ICMP messages when the destination network requires fragmentation before the datagram can be forwarded by a gateway. -- Impact: This ICMP message will be generated when the destination network specified in the datagram requires fragmentation and the DF bit is set on the datagram. This could be an indication of improperly configured network hosts. -- Detailed Information: This rule generates informational events about the network. Large numbers of these messages on the network could indication routing problems, faulty routing devices, or improperly configured hosts. -- Attack Scenarios: None Known -- Ease of Attack: Numerous tools and scripts can generate these types of ICMP datagrams. -- False Positives: None Known -- False Negatives: None Known -- Corrective Action: This rule detects informational network information, no corrective action is necessary. -- Contributors: Original Rule writer unknown Sourcefire Research Team Matthew Watchinski (matt.watchinski@sourcefire.com) -- Additional References: None --
