ICMP Scan
Identifying an ICMP (Internet Control Message Protocol) Scan is a critical aspect of network reconnaissance detection and overall cybersecurity. An ICMP scan, often used in the initial stages of network reconnaissance, involves sending ICMP echo request packets ("pings") to various hosts on a network to determine which ones are active. While ICMP is a standard network tool for diagnosing and managing network issues, its use in scanning can signal the preliminary phase of a more targeted attack, where attackers seek to identify potential vulnerabilities in active hosts. Detecting ICMP scans promptly is essential as it can be an early warning of an impending cyber attack, allowing network administrators to tighten security measures, monitor suspicious activities more closely, and protect vulnerable systems before they can be exploited.
ElastiFlow provides a collection of anomaly detection jobs designed to identify ICMP scans. These jobs combine a series of monitoring strategies and analytics techniques focused on detecting unusual ICMP traffic patterns that are indicative of scanning activity.
Attributes
| Attribute | Information |
|---|---|
| Analysis Type | temporal |
| MITRE ATT&CK Technique | Network Denial of Service (T1498) |
| MITRE ATT&CK Sub-Technique | Reflection Amplification (T1498.002) |
| MITRE ATT&CK Tactic | Impact (TA0040) |
By implementing this suite of anomaly detection jobs, organizations can effectively monitor and swiftly identify ICMP scanning activities. Early detection of such reconnaissance activities is crucial in pre-emptively addressing potential cybersecurity threats, allowing for timely and appropriate defensive actions to protect the network infrastructure.
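The core pattern these jobs look for is one source sending ICMP echo requests to many distinct destinations in a short time. The following is an added illustration, not ElastiFlow's own job logic: it runs a sliding-window "distinct targets per source" check over constructed flow records whose field names (`ts`, `src`, `dst`, `proto`, `icmp_type`) are assumptions, and it also shows the caveat that a slow sweep spread over minutes evades a short window.

```python
from collections import defaultdict
from datetime import datetime


def _rec(ts, src, dst, proto="icmp", icmp_type=8):
    # Minimal flow record; field names are assumptions, not a real export schema.
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "icmp_type": icmp_type}


# Constructed sample flows (not real collector output).
FLOWS = (
    # Fast sweep: 10.0.0.5 pings six hosts within ten seconds.
    [_rec(f"2024-01-01T10:00:{i:02d}", "10.0.0.5", f"10.0.1.{i + 1}") for i in range(6)]
    # Monitoring host: repeated pings to a single target (benign pattern).
    + [_rec(f"2024-01-01T10:00:{i * 10:02d}", "10.0.0.9", "10.0.1.1") for i in range(6)]
    # Slow sweep: five hosts, five minutes apart (outside a 60 s window).
    + [_rec(f"2024-01-01T10:{i * 5:02d}:00", "10.0.0.7", f"10.0.2.{i + 1}") for i in range(5)]
    # Noise that must be ignored: an echo reply (type 0) and a TCP flow.
    + [_rec("2024-01-01T10:00:03", "10.0.1.1", "10.0.0.5", icmp_type=0),
       _rec("2024-01-01T10:00:04", "10.0.0.5", "10.0.3.1", proto="tcp", icmp_type=None)]
)


def detect_icmp_sweeps(flows, window_s=60, min_targets=5):
    """Return {src: peak_distinct_targets} for sources whose ICMP echo requests
    reached at least `min_targets` distinct destinations within any `window_s`."""
    per_src = defaultdict(list)
    for f in flows:
        if f["proto"] != "icmp" or f["icmp_type"] != 8:  # echo requests only
            continue
        per_src[f["src"]].append((datetime.fromisoformat(f["ts"]), f["dst"]))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        counts, lo, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that fell out of the trailing window.
            while (ts - events[lo][0]).total_seconds() > window_s:
                old = events[lo][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                lo += 1
            peak = max(peak, len(counts))
        if peak >= min_targets:
            alerts[src] = peak
    return alerts
```

Widening the window catches the slow sweep at the cost of more false positives from hosts that legitimately ping many peers over time, which is why threshold and window are tuned per environment.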