#include <rlp.h>
Data Fields | |
| int | seqValue |
This is useful because some covertchannel programs use static ICMP fields when they communicate. This particular plugin was developed to enable the stacheldraht detection rules written by Max Vision, but it is certainly useful for detection of a number of potential attacks. (And yes, I know the info for this field is almost identical to the icmp_id description, it's practically the same damn thing!)
The icmp_id option examines an ICMP ECHO packet's ICMP sequence field for a specific value.
This is useful because some covertchannel programs use static ICMP fields when they communicate. This particular plugin was developed to enable the stacheldraht detection rules written by Max Vision, but it is certainly useful for detection of a number of potential attacks. (And yes, I know the info for this field is almost identical to the icmp_id description, it's practically the same damn thing!)
All uses: icmp_seq: 0 icmp_seq:0
Definition at line 643 of file rlp.h.