

The icmp_seq keyword is used to check for a specific ICMP sequence value.

This is useful because some covert channel programs use static ICMP fields when they communicate. This particular plugin was developed to detect the stacheldraht DDoS agent.
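The following Python is an added example, not part of the Snort manual or Snort's own code: it shows where the sequence field sits in an ICMP echo header, an exact-value check on it, and how a sender with a static sequence stands out from an ordinary incrementing ping. The function names, addresses and packets are constructed for illustration, and limiting the check to echo request/reply messages is an assumption of the example.

```python
import struct
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0

def parse_icmp_echo(icmp: bytes):
    """Return (type, code, ident, seq) for an ICMP echo message, else None."""
    if len(icmp) < 8:
        return None  # truncated header: nothing to match on
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
        return None  # assumption: this example only inspects echo messages
    return icmp_type, code, ident, seq

def seq_matches(icmp: bytes, wanted: int) -> bool:
    """Exact-value check on the sequence field of a single packet."""
    hdr = parse_icmp_echo(icmp)
    return hdr is not None and hdr[3] == wanted

def static_seq_sources(packets, min_count=3):
    """Flag (src, ident) pairs whose echo packets never change sequence."""
    seen = defaultdict(list)
    for src, icmp in packets:
        hdr = parse_icmp_echo(icmp)
        if hdr:
            seen[(src, hdr[2])].append(hdr[3])
    return sorted(key for key, seqs in seen.items()
                  if len(seqs) >= min_count and len(set(seqs)) == 1)

def echo(icmp_type, ident, seq, payload=b"x" * 8):
    # Constructed sample packet; checksum left at 0 because it is not inspected.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

# Constructed traffic: 192.0.2.10 is an ordinary ping with an incrementing
# sequence, 192.0.2.66 sends every packet with sequence 0.
SAMPLE = [("192.0.2.10", echo(ECHO_REQUEST, 0x1234, n)) for n in range(1, 5)]
SAMPLE += [("192.0.2.66", echo(ECHO_REPLY, 0x0BAD, 0)) for _ in range(4)]

if __name__ == "__main__":
    for src, ident in static_seq_sources(SAMPLE):
        print(f"static ICMP sequence from {src} (id=0x{ident:04x})")
```

An exact-value check alone also matches the first packet of any sender that starts counting at that value, which is why the grouping step looks for repetition rather than a single hit.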


Eugene Misnik 2013-05-08