Intrusion Prevention

undersize_msg

Description

This signature indicates a DNS protocol anomaly. It indicates detection of an undersized Domain Name Service (DNS) message.


DNS is a system that translates between human-readable host or domain names (e.g. www.fortinet.com) and machine-understandable Internet Protocol addresses. According to RFC 1035 each DNS message consists of header and body parts. The header has a fixed size of 12 bytes, which is the minimum length of a valid DNS message.

Affected Products

Any unprotected DNS server may be vulnerable.

Impact

This is an anomaly, which may indicate potential attack attempts.

Recommended Actions

N/A

Other References

1