Package: policy/misc/detect-traceroute
Detect hosts that are running traceroute.
policy/misc/detect-traceroute/__load__.bro
policy/misc/detect-traceroute/main.bro
This script detects a large number of ICMP Time Exceeded messages heading toward hosts that have sent low TTL packets. It generates a notice when the number of ICMP Time Exceeded messages for a source-destination pair exceeds a threshold.
Copyright 2016, The Bro Project.
Last updated on December 07, 2018.
Created using Sphinx 1.8.2.