Code: p490 Severity: Warning
Description: This event is generated when an external server sends an ICMP IRDP router advertisement message to an internal server. This may indicate an attempt to cause a denial of service by adding spoofed router information to an IRDP-enabled host's routing table. Impact: Denial of service. Corrective: For vulnerable Windows computers, disable IRDP on the system (see http://support.microsoft.com/support/kb/articles/q216/1/41.asp). For vulnerable Solaris 2.6 computers, install the patch provided by Sun (see http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access). Use a packet filtering firewall to block ICMP type 9 packets from entering the internal network.
|
