ICMP Tunneling Detection

Creator

changhwanoh

Created

Nov 6, 2017

Minimum Version

6.2.4

Description

This bundle detects HTTP, SSH, FTP, and SMB traffic tunneled over unencrypted ICMP messages. Attackers can compromise machines through ICMP tunneling by encapsulating traffic in an ICMP echo request to evade firewall rules and obfuscate data.

ICMP Tunneling Detection Dashboard

Bundle Contents

(1) Trigger
- ICMP Tunneling
(1) Dashboard
- ICMP Tunnel Detection
(1) Device group
- All Devices

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

Download the bundle on this page
Log into the ExtraHop Web UI and complete the following procedures:
- Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox.
- Enable the ICMP Tunnel Detection trigger.

Products

Value

Services

Solutions

Solution Areas

Industry

Customers

Community Resources

Support

Training

Company

News & Events

Blog

ICMP Tunneling Detection

Description

Bundle Contents

Requirements

Installation Instructions

Community discussion about this bundle