Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Ping scans are easy to run and have few disadvantages. After an attacker compromises a single workstation on a network, they can enumerate through host discovery, and then laterally move to other active workstations. However, ping scans are noisy and this type of malicious activity is easily detected, so hackers avoid these types of scans to avoid being caught.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
Host discovery is one of the first steps taken during network reconnaissance, and can be easily done with a ping scan. An attacker might begin probing a subnet range for online hosts by sending an ICMP Echo Request (or ping) to each IP address on that subnet. Machines that reply with an ICMP Echo reply are considered active and can be targeted for further enumeration through tools such as Nmap Security Scanner.
Configure host-based or network-based firewalls to reject ICMP Echo traffic
Monitor ICMP traffic on your network for an unusual increase in ICMP traffic from distinct hosts
Implement network segmentation policies that restrict device communication to a limited number of peers
