Detections
Analytics
TCP/IP Multicast Address Handling Remote DoS (spank.c)
medium Nessus Plugin ID 11901
Language:
Synopsis
The remote host responds to TCP packets that are coming from a multicast IP address.Description
Nessus has detected that the remote host responds to TCP packets that are coming from a multicast IP address. An attacker can exploit this to conduct a 'spank' denial of service attack, resulting in the host being shut down or network traffic reaching saturation. Also, this vulnerability can be used by an attacker to conduct stealth port scans against the host.Solution
Contact your operating system vendor for a patch. Alternatively, filter out multicast IP addresses (224.0.0.0/4).Plugin Details
Severity: Medium
ID: 11901
File Name: spank.nasl
Version: Revision: 1.20
Type: remote
Family: Denial of Service
Published: 10/22/2003
Updated: 3/2/2017
Supported Sensors: Nessus