#include <rlp.h>
Data Fields | |
| int | icmpId |
This is useful because some covert channel programs use static ICMP fields when they communicate. This particular plugin was developed to enable the stacheldraht detection rules written by Max Vision, but it is certainly useful for detection of a number of potential attacks.
The icmp_id option examines an ICMP ECHO packet's ICMP ID number for a specific value.
This is useful because some covert channel programs use static ICMP fields when they communicate. This particular plugin was developed to enable the stacheldraht detection rules written by Max Vision, but it is certainly useful for detection of a number of potential attacks.
All uses:
icmp_id:0 icmp_id:1000 icmp_id:456 icmp_id:51201 icmp_id:666 icmp_id:667 icmp_id:668 icmp_id:669 icmp_id:123 icmp_id:6666 icmp_id:6667 icmp_id:9015
Definition at line 605 of file rlp.h.