Start Demo

Back Arrow Bundle Library

ICMP Tunneling Detection

Description

This bundle detects HTTP, SSH, FTP, and SMB traffic tunneled over unencrypted ICMP messages. Attackers can compromise machines through ICMP tunneling by encapsulating traffic in an ICMP echo request to evade firewall rules and obfuscate data.

ICMP Tunneling Detection Dashboard

Bundle Contents

  • (1) Trigger
    • ICMP Tunneling
  • (1) Dashboard
    • ICMP Tunnel Detection
  • (1) Device group
    • All Devices

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

  1. Download the bundle on this page
  2. Log into the ExtraHop Web UI and complete the following procedures:
    • Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox.
    • Enable the ICMP Tunnel Detection trigger.

Community discussion about this bundle

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More