Short Name |
DISCARD:EXPLOIT:UNEXPECTED-REP |
---|---|
Severity |
Major |
Recommended |
No |
Category |
DISCARD |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This protocol anomaly is server-to-client data on a DISCARD flow. DISCARD only allows client-to-server communication. This may indicate data tunneling.
If server-to-client datagrams are detected on TCP/UDP port 9, this constitutes a protocol anomaly. This condition could indicate a network configuration error. It may also indicate that unauthorized tunneling activity is occurring. As well, denial of service attacks frequently target the Discard service, in order to flood the target with spoofed traffic without generating any reply output that could alert the spoofed network(s) to the attack.