ICMP.Reverse.Shell
Description
This indicates an attempt to launch an ICMP reverse shell.
This signature detects ICMPSH, a popular ICMP reverse shell tool. ICMPSH allows an attacker to remotely control a target Windows machine and execute arbitrary commands, over ICMP protocol.
Affected Products
Any unprotected Windows system is vulnerable.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |