mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
ded98cd373
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
17 lines
503 B
ReStructuredText
17 lines
503 B
ReStructuredText
:orphan:
|
|
|
|
Package: policy/misc/detect-traceroute
|
|
======================================
|
|
|
|
Detect hosts that are running traceroute.
|
|
|
|
:doc:`/scripts/policy/misc/detect-traceroute/__load__.zeek`
|
|
|
|
|
|
:doc:`/scripts/policy/misc/detect-traceroute/main.zeek`
|
|
|
|
This script detects a large number of ICMP Time Exceeded messages heading
|
|
toward hosts that have sent low TTL packets. It generates a notice when the
|
|
number of ICMP Time Exceeded messages for a source-destination pair exceeds
|
|
a threshold.
|
|
|