Rule: -- Sid: 426 -- Summary: This event is generated when a router generates and ICMP Parameter Problem Required Option Missing datagram. -- Impact: This could be an indication of a protocol error by a previous hop router. Normally this datagram would only be generated when the IP datagram is truncated or damaged before it reaches its final destination. -- Detailed Information: A router generates a Parameter Problem message for any error not specifically covered by another ICMP message. An ICMP Parameter Problem Required Option Missing datagram indicates that the IP datagram is invalid or contains invalid IP options. This could be an indication of routing problems on the network, or malfunctioning routing hardware. -- Attack Scenarios: None known -- Ease of Attack: Numerous tools and scripts can generate this type of ICMP datagram. -- False Positives: None known -- False Negatives: None known -- Corrective Action: ICMP Type 12 Code 1 datagrams are not normal network activity. Hosts generating these types of datagrams should be investigated for configuration errors or nefarious activity. -- Contributors: Original Rule writer unknown Sourcefire Research Team Matthew Watchinski (matt.watchinski@sourcefire.com) -- Additional References: None --
