Rule: -- Sid: 397 -- Summary: This event is generated when An ICMP Host Precedence Violation is sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source and destination host, network destination, upper layer protocol, or source/destination port. -- Impact: Routers will generate this message when the requested precedent is not permitted to transverse the network. This could be an indication of an improperly configured routing device or a improperly configured host on the network. -- Detailed Information: This rule generates informational events about the network. Large numbers of these messages on the network could indication routing problems, faulty routing devices, or improperly configured hosts. -- Attack Scenarios: None Known -- Ease of Attack: Numerous tools and scripts can generate these types of ICMP datagrams. -- False Positives: None Known -- False Negatives: None Known -- Corrective Action: This rule detects informational network information, no corrective action is necessary. -- Contributors: Original Rule writer unknown Sourcefire Research Team Matthew Watchinski (matt.watchinski@sourcefire.com) -- Additional References: None --