This bundle detects HTTP, SSH, FTP, and SMB traffic tunneled over unencrypted ICMP messages. Attackers can compromise machines through ICMP tunneling by encapsulating traffic in an ICMP echo request to evade firewall rules and obfuscate data.

ICMP Tunneling Detection Dashboard

Bundle Contents

(1) Trigger
- ICMP Tunneling
(1) Dashboard
- ICMP Tunnel Detection
(1) Device group
- All Devices

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

Download the bundle on this page
Log into the ExtraHop Web UI and complete the following procedures:
- Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox.
- Enable the ICMP Tunnel Detection trigger.

For Security

For Cloud

For IT Ops

Hunter Challenge

The Platform

Solutions

Customers

Partners

Blog

More

Start the Demo

Contact Us

ExtraHop Reveal(x) 360

How It Works

Competitive Comparison

Integrations and Automations

Cybersecurity Services

What is Network Detection and Response (NDR)?

Cloud-Native Security Solutions

Reveal(x) Enterprise: Self-Managed NDR

Solutions

Security

Cloud

IT Ops

Use Cases

Explore By Industry Vertical

Customers

Customer Portal Login

Cybersecurity Services

Training

ExtraHop Support

Partners

Channel Partners

Integrations and Automations

Partners

Blog

About Us

News & Events

Careers

Resources

About Us

The ExtraHop Advantage

What Is Cloud-Native?

Contact Us

News & Events

Take the Hunter Challenge

Upcoming Webinars and Events

Careers

Careers at ExtraHop

Search Openings

Connect on LinkedIn

Resources

Customer Stories

Remote Access Resource Hub

Network Attack Library

Protocol Library

Documentation

Firmware

Training Videos

ICMP Tunneling Detection

Description

Bundle Contents

Requirements

Installation Instructions

ExtraHop
Reveal(x) 360