Cisco ASA 5505 Configuration Manual page 1123

Chapter 52 Using Protection Tools
Table 52-1 Signature IDs and System Message Numbers (continued)
Signature Message
ID Number Signature Title
2008 400018 ICMP Timestamp Reply
2009 400019 ICMP Information Request
2010 400020 ICMP Information Reply
2011 400021 ICMP Address Mask Request
2012 400022 ICMP Address Mask Reply
2150 400023 Fragmented ICMP Traffic
2151 400024 Large ICMP Traffic
2154 400025 Ping of Death Attack
3040 400026 TCP NULL flags
3041 400027 TCP SYN+FIN flags
OL-20339-01
Signature Type Description
Informational Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and the type field in the ICMP header
set to 14 (Timestamp Reply).
Informational Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and the type field in the ICMP header
set to 15 (Information Request).
Informational Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and the type field in the ICMP header
set to 16 (ICMP Information Reply).
Informational Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and the type field in the ICMP header
set to 17 (Address Mask Request).
Informational Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and the type field in the ICMP header
set to 18 (Address Mask Reply).
Attack Triggers when a IP datagram is received with
the protocol field of the IP header set to 1
(ICMP) and either the more fragments flag is
set to 1 (ICMP) or there is an offset indicated
in the offset field.
Attack Triggers when a IP datagram is received with
the protocol field of the IP header set to
1(ICMP) and the IP length > 1024.
Attack Triggers when a IP datagram is received with
the protocol field of the IP header set to
1(ICMP), the Last Fragment bit is set, and (IP
offset * 8) + (IP data length) > 65535 that is
to say, the IP offset (which represents the
starting position of this fragment in the
original packet, and which is in 8 byte units)
plus the rest of the packet is greater than the
maximum size for an IP packet.
Attack Triggers when a single TCP packet with none
of the SYN, FIN, ACK, or RST flags set has
been sent to a specific host.
Attack Triggers when a single TCP packet with the
SYN and FIN flags are set and is sent to a
specific host.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring IP Audit for Basic IPS Support
52-9