Cisco ASA 5505 User Manual

Page 1215


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 57 Using Protection Tools

Configuring IP Audit for Basic IPS Support

Table 57-1 Signature IDs and System Message Numbers (continued)

| Signature ID | Message Number | Signature Title | Signature Type | Description |
|---|---|---|---|---|
| 2150 | 400023 | Fragmented ICMP Traffic | Attack | Triggers when an IP datagram is received with the protocol field of the IP header set to 1 (ICMP) and either the more fragments flag is set to 1 or there is an offset indicated in the offset field. |
| 2151 | 400024 | Large ICMP Traffic | Attack | Triggers when an IP datagram is received with the protocol field of the IP header set to 1 (ICMP) and the IP length > 1024. |
| 2154 | 400025 | Ping of Death Attack | Attack | Triggers when an IP datagram is received with the protocol field of the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535. That is to say, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet. |
| 3040 | 400026 | TCP NULL flags | Attack | Triggers when a single TCP packet with none of the SYN, FIN, ACK, or RST flags set has been sent to a specific host. |
| 3041 | 400027 | TCP SYN+FIN flags | Attack | Triggers when a single TCP packet with the SYN and FIN flags set is sent to a specific host. |
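The trigger conditions in Table 57-1, written out as a check over a raw IPv4 packet. This is an added example, not Cisco's implementation or code from the guide; it assumes "IP length" means the IPv4 total-length field and "Last Fragment bit is set" means the more-fragments flag is clear, and the helper names and sample packets are constructed for illustration.

```python
import struct

# Signature ID -> (message number, title), copied from Table 57-1.
SIGNATURES = {2150: (400023, "Fragmented ICMP Traffic"), 2151: (400024, "Large ICMP Traffic"),
              2154: (400025, "Ping of Death Attack"), 3040: (400026, "TCP NULL flags"),
              3041: (400027, "TCP SYN+FIN flags")}
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def match_signatures(packet: bytes) -> list:
    """Return the Table 57-1 signature IDs whose trigger condition the packet meets."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []                              # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4               # header length in bytes
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl:
        return []                              # malformed length fields
    proto = packet[9]
    more_fragments = bool(frag & 0x2000)
    offset = frag & 0x1FFF                     # fragment offset, 8-byte units
    data_len = total_len - ihl                 # IP payload carried by this packet
    hits = []
    if proto == 1:                             # ICMP
        if more_fragments or offset:
            hits.append(2150)
        if total_len > 1024:                   # assumption: total-length field
            hits.append(2151)
        if not more_fragments and offset * 8 + data_len > 65535:
            hits.append(2154)                  # reassembled size exceeds the IP maximum
    elif proto == 6 and offset == 0 and len(packet) >= ihl + 14:
        flags = packet[ihl + 13]               # TCP flags byte (first fragment only)
        if flags & (SYN | FIN | ACK | RST) == 0:
            hits.append(3040)
        if flags & SYN and flags & FIN:
            hits.append(3041)
    return hits

def ipv4(proto: int, payload: bytes, mf: bool = False, offset: int = 0) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    frag = (0x2000 if mf else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def tcp(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flags byte."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)

if __name__ == "__main__":
    for pkt in (ipv4(1, bytes(1000), offset=8189), ipv4(6, tcp(SYN | FIN))):
        for sig in match_signatures(pkt):
            print(sig, *SIGNATURES[sig])
```

A fragment that trips 2154 also trips 2150, because any nonzero offset already satisfies the fragmented-ICMP condition.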
