

Large ICMP Packet Sources

The Large ICMP Packet Sources sensor looks for ICMP packets that are unusually large. Large packets may indicate tunneling attempts or data exfiltration.
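The following added example (not part of the product or its documentation) shows one way to flag large-ICMP sources from flow records by average bytes per packet. The record layout, the sample flows, and the 128-byte threshold are assumptions made for illustration; the sensor's actual criteria are not stated on this page.

```python
import csv
import io
from collections import defaultdict

ICMP_PROTO = 1            # IANA protocol number for ICMP
AVG_SIZE_THRESHOLD = 128  # bytes per packet; assumed cutoff, tune to your network

# Constructed sample flow records (not real traffic): src,dst,proto,packets,bytes
SAMPLE_FLOWS = """\
10.0.0.5,198.51.100.7,1,4,336
10.0.0.9,203.0.113.20,1,200,280000
10.0.0.9,203.0.113.20,1,150,210000
10.0.0.12,198.51.100.7,6,30,45000
10.0.0.14,192.0.2.33,1,10,600
10.0.0.21,203.0.113.99,1,0,0
10.0.0.30,192.0.2.50,1,3,4500
"""

def large_icmp_sources(flow_csv, threshold=AVG_SIZE_THRESHOLD):
    """Return sources with ICMP flows whose average packet size exceeds
    threshold, sorted by total bytes in those flows (largest first)."""
    stats = defaultdict(lambda: {"flows": 0, "bytes": 0, "max_avg": 0.0, "dsts": set()})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        src, dst, proto, packets, nbytes = row
        try:
            proto, packets, nbytes = int(proto), int(packets), int(nbytes)
        except ValueError:
            continue  # skip records with non-numeric counters
        if proto != ICMP_PROTO or packets <= 0:
            continue  # non-ICMP, or an empty flow with no size to average
        avg = nbytes / packets
        if avg <= threshold:
            continue  # ordinary echo traffic (a default ping is 60-84 bytes)
        s = stats[src]
        s["flows"] += 1
        s["bytes"] += nbytes
        s["max_avg"] = max(s["max_avg"], avg)
        s["dsts"].add(dst)
    return sorted(
        ((src, s["flows"], s["bytes"], s["max_avg"], sorted(s["dsts"]))
         for src, s in stats.items()),
        key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for src, flows, total, max_avg, dsts in large_icmp_sources(SAMPLE_FLOWS):
        print(f"{src}: {flows} large ICMP flow(s), {total} bytes, "
              f"max avg {max_avg:.0f} B/pkt, to {', '.join(dsts)}")
```

Ranking by total bytes separates a source that sent a few oversized packets (for example, an MTU test) from one that moved a sustained volume over ICMP.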

Troubleshooting a Large ICMP Packet Sources Alert

An alert from the Large ICMP Packet Sources sensor may indicate data exfiltration activity. Data exfiltration is a network security violation in which a user discreetly attempts to off-load data from an internal network to an external location.

If you suspect data exfiltration, click the link for the offending host and investigate the suspected user in a Flow Forensic report in CA Network Flow Analysis. For more information about this step, see Built-in Workflows. You can also use any packet-inspection tools that you have, such as CA GigaStor, to identify the data that was off-loaded.