TCP/IP Multicast Address Handling Remote DoS (spank.c)

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

The remote host responds to TCP packets that are coming from a
multicast IP address.

Description :

Nessus has detected that the remote host responds to TCP packets
that are coming from a multicast IP address. An attacker can exploit
this to conduct a 'spank' denial of service attack, resulting in the
host being shut down or network traffic reaching saturation. Also,
this vulnerability can be used by an attacker to conduct stealth port
scans against the host.

Solution :

Contact your operating system vendor for a patch. Alternatively,
filter out multicast IP addresses (224.0.0.0/4).

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)

Family: Denial of Service

Nessus Plugin ID: 11901 ()

Bugtraq ID:

CVE ID: