Rule: -- Sid: 425 -- Summary: This event is generated when a router generates and ICMP Parameter Problem Bad Length datagram. -- Impact: This could be an indication of a protocol error by a previous hop router. Normally this datagram would only be generated with the datagram was truncated before it reached its final destination. -- Detailed Information: A router generates a Parameter Problem message for any error not specifically covered by another ICMP message. An ICMP Parameter Problem Bad Length datagram indicates that the datagram was truncated before it reached its final destination. This could be an indication of routing problems on the network, or malfunctioning routing hardware. -- Attack Scenarios: None known -- Ease of Attack: Numerous tools and scripts can generate this type of ICMP datagram. -- False Positives: None known -- False Negatives: None known -- Corrective Action: ICMP Type 12 Code 2 datagrams are not normal network activity. Hosts generating these types of datagrams should be investigated for configuration errors or nefarious activity. -- Contributors: Original Rule writer unknown Sourcefire Research Team Matthew Watchinski (matt.watchinski@sourcefire.com) -- Additional References: None --
