Package: policy/misc/detect-tracerouteΒΆ
Detect hosts that are running traceroute.
policy/misc/detect-traceroute/__load__.bro
policy/misc/detect-traceroute/main.bro
This script detects a large number of ICMP Time Exceeded messages heading toward hosts that have sent low TTL packets. It generates a notice when the number of ICMP Time Exceeded messages for a source-destination pair exceeds a threshold.
Copyright 2016, The Bro Project.
Last updated on January 10, 2019.
Created using Sphinx 1.7.5.