ip_options

Explanation

This Netography Fusion Portal event looks for ICMP messages of type 12 (Parameter Problem). Routers will emit these messages when they receive a malformed packet that they cannot route. The presence of these messages usually indicates a networking problem, although in some circumstances the presence of these messages could be an indicator of malicious activity.

What to Look For

The source address of associated flows will be the IP of the networking device that emitted the ICMP message. The destination address will be the source address of the malformed packet that the networking device received. Examine network connectivity between the source and destination for connectivity issues, and examine the system at the destination address for configuration or security problems.