ICMP.Reverse.Shell

description-logoDescription

This indicates an attempt to launch an ICMP reverse shell.
This signature detects ICMPSH, a popular ICMP reverse shell tool. ICMPSH allows an attacker to remotely control a target Windows machine and execute arbitrary commands, over ICMP protocol.

affected-products-logoAffected Products

Any unprotected Windows system is vulnerable.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-02-11 15.775 Default_action:pass:drop
2019-12-31 15.751