Description
This bundle detects HTTP, SSH, FTP, and SMB traffic tunneled over unencrypted ICMP messages. Attackers can use ICMP tunneling to compromise machines, encapsulating other traffic inside ICMP echo requests to evade firewall rules and obfuscate data.
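As an added illustration of the detection idea (not the bundle's own trigger code, whose logic is not shown here), the following Python parses raw ICMP messages and flags echo-request payloads that carry signatures of the four protocols the bundle covers. The signature list, the benign-ping allowlist and the packet builder are assumptions made for this example.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_HEADER_LEN = 8  # type, code, checksum, identifier, sequence

# Byte patterns typical of each carried protocol (assumed for illustration).
# Order matters only for which name is reported when several match.
SIGNATURES = {
    "HTTP": (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1."),
    "SSH": (b"SSH-",),
    "FTP": (b"USER ", b"PASS ", b"RETR ", b"STOR ", b"LIST\r\n"),
    "SMB": (b"\xffSMB", b"\xfeSMB"),  # SMB1 and SMB2/3 headers
}

# Payloads that common ping implementations send; constructed allowlist so
# ordinary echo traffic is never reported.
BENIGN_PING_PAYLOADS = (
    b"abcdefghijklmnopqrstuvwabcdefghi",  # Windows ping
    bytes(range(0x10, 0x38)),            # tail of a Linux ping payload
)


def parse_icmp(packet: bytes):
    """Split a raw ICMP message into (type, code, identifier, sequence, payload)."""
    if len(packet) < ICMP_HEADER_LEN:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _checksum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, code, ident, seq, packet[ICMP_HEADER_LEN:]


def detect_tunneled_protocol(packet: bytes):
    """Return the protocol name found in an echo-request payload, else None."""
    icmp_type, _code, _ident, _seq, payload = parse_icmp(packet)
    if icmp_type != ICMP_ECHO_REQUEST:
        return None
    if any(payload.endswith(p) for p in BENIGN_PING_PAYLOADS):
        return None
    # Search the whole payload, not just its start: tunnelling tools often
    # prepend their own framing before the carried bytes.
    for proto, sigs in SIGNATURES.items():
        if any(sig in payload for sig in sigs):
            return proto
    return None


def build_icmp(icmp_type: int, payload: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Construct a sample ICMP message for testing (checksum left as zero)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
```

A real sensor would also weigh payload size and echo-request rate per host, which this example omits.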
Bundle Contents
- (1) Trigger
  - ICMP Tunneling
- (1) Dashboard
  - ICMP Tunnel Detection
- (1) Device group
  - All Devices
Requirements
ExtraHop version 6.2.4 or later
Installation Instructions
- Download the bundle on this page
- Log into the ExtraHop Web UI and complete the following procedures:
  - Upload and apply a bundle. When applying the bundle, check the Apply included assignments checkbox.
  - Enable the ICMP Tunnel Detection trigger.