Intrusion Prevention



This indicates an attempt to launch an ICMP reverse shell.
This signature detects ICMPSH, a popular ICMP reverse shell tool. ICMPSH allows an attacker to remotely control a target Windows machine and execute arbitrary commands, over ICMP protocol.

Affected Products

Any unprotected Windows system is vulnerable.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.