ICMP Tunneling Detection

Creator

changhwanoh

Created

Nov 6, 2017

Minimum Version

6.2.4

Description

This bundle detects HTTP, SSH, FTP, and SMB traffic tunneled over unencrypted ICMP messages. Attackers can compromise machines through ICMP tunneling by encapsulating traffic in an ICMP echo request to evade firewall rules and obfuscate data.

ICMP Tunneling Detection Dashboard

Bundle Contents

(1) Trigger
- ICMP Tunneling
(1) Dashboard
- ICMP Tunnel Detection
(1) Device group
- All Devices

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

Download the bundle on this page
Log into the ExtraHop Web UI and complete the following procedures:
- Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox.
- Enable the ICMP Tunnel Detection trigger.

Products

Differentiation

Solutions

Security Operations

IT Modernization

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

ICMP Tunneling Detection

Description

Bundle Contents

Requirements

Installation Instructions

Community discussion about this bundle