E-Concept Applications 0 Posted June 27, 2016 Share Posted June 27, 2016 Hello, Since April 15, I regulary have detections by ESET Endpoint Security (v6.3 and v6.4): "Detected covert channel exploit in ICMP packet" (In french: Intrusion d'un canal dissimulé dans un paquet ICMP détectée). I had trouble understanding where it came from, and in fact, every time the IP specified relate to Skype contacts with whom I talk. Is it really an exploit or a false positive? Thank you in advance for your answer. David PS : Sorry for my bad english... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted June 27, 2016 Administrators Share Posted June 27, 2016 Some applications may send some data via the ICMP protocol which is not common and this is detected by ESS. It doesn't mean that the communication is malicious, it's just suspicious. The data should be visible in a pcap log created by Wireshark so you can create one and send it to me via a personal message or upload it to a safe location and pm me the download link. Link to comment Share on other sites More sharing options...
Recommended Posts