E-Concept Applications 0 Posted June 27, 2016 Share Posted June 27, 2016 Hello, Since April 15, I regulary have detections by ESET Endpoint Security (v6.3 and v6.4): "Detected covert channel exploit in ICMP packet" (In french: Intrusion d'un canal dissimulé dans un paquet ICMP détectée). I had trouble understanding where it came from, and in fact, every time the IP specified relate to Skype contacts with whom I talk. Is it really an exploit or a false positive? Thank you in advance for your answer. David PS : Sorry for my bad english... Link to post Share on other sites
Administrators Marcos 3,626 Posted June 27, 2016 Administrators Share Posted June 27, 2016 Some applications may send some data via the ICMP protocol which is not common and this is detected by ESS. It doesn't mean that the communication is malicious, it's just suspicious. The data should be visible in a pcap log created by Wireshark so you can create one and send it to me via a personal message or upload it to a safe location and pm me the download link. Link to post Share on other sites
Recommended Posts