The Large ICMP Packet Sources sensor looks for ICMP packets that are unusually large. Large packets may indicate tunneling attempts or data exfiltration. Data exfiltration is a network security violation in which a user discreetly attempts to offload data from an internal network to an external location.
Troubleshooting a Large ICMP Packet Sources Alert
If you suspect data exfiltration, click the link for the offending host and investigate the suspected user in a Flow Forensics report in the NFA console. You can also use a packet-inspection tool to identify the data that was offloaded.
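The following added example (not CA NFA code) shows the kind of check a packet-inspection step can apply to captured traffic: it parses raw IPv4 packets, measures each ICMP payload, and ranks sources that exceed a size cutoff. The 128-byte threshold, the function names, and the sample packets and addresses are assumptions constructed for illustration; the sensor's own threshold is not stated on this page.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

PAYLOAD_THRESHOLD = 128  # assumed cutoff in bytes; not the NFA sensor's value
ICMP_PROTO = 1

def icmp_payload_len(packet: bytes):
    """Return (src_ip, payload_len) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl + 8 or total_len > len(packet):
        return None  # malformed header or truncated capture
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != ICMP_PROTO or frag_off:
        return None  # not ICMP, or a later fragment with no ICMP header
    return str(IPv4Address(packet[12:16])), total_len - ihl - 8

def large_icmp_sources(packets, threshold=PAYLOAD_THRESHOLD):
    """Return [(src, large_packet_count, payload_bytes)], largest volume first."""
    stats = defaultdict(lambda: [0, 0])
    for pkt in packets:
        parsed = icmp_payload_len(pkt)
        if parsed and parsed[1] > threshold:
            stats[parsed[0]][0] += 1
            stats[parsed[0]][1] += parsed[1]
    return sorted(((s, c, b) for s, (c, b) in stats.items()), key=lambda r: -r[2])

def build_echo(src, dst, payload):
    """Build a constructed sample echo request (checksums left as zero)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     ICMP_PROTO, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + icmp

SAMPLE = [  # constructed packets, not captured traffic
    build_echo("10.0.0.5", "203.0.113.9", b"A" * 56),    # common ping payload size
    build_echo("10.0.0.7", "203.0.113.9", b"B" * 1400),
    build_echo("10.0.0.7", "203.0.113.9", b"C" * 1200),
    build_echo("10.0.0.8", "203.0.113.9", b"D" * 600),
]

if __name__ == "__main__":
    for src, count, total in large_icmp_sources(SAMPLE):
        print(f"{src}: {count} large ICMP packets, {total} payload bytes")
```

Ranking by total payload bytes rather than packet count puts the source that moved the most data at the top, which is the host to open first in the forensics report.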
Copyright © 2015 CA Technologies. All rights reserved.