ICMP_DDOS Stacheldraht client spoofworks

 

Code: p411

Severity: Warning

 

Description: This event is generated when a Stacheldraht handler attempts to confirm that an agent has the ability to spoof a source IP.

Impact: Severe. This indicates that a Stacheldraht agent exists on the destination host.

Corrective: Use egress filtering in your network to prevent traffic leaving your network that is not part of the internal address space so source IPs cannot be spoofed.