Added suspicious ICMP payload content

Fixes #7049
2026-05-02 00:40:10 +00:00 · 2022-12-18 13:18:56 +01:00 · 2022-12-18 13:18:56 +01:00 · f73c3b32f1
commit f73c3b32f1
parent e3be9b993a
5 changed files with 38 additions and 4 deletions
--- a/scripts/lua/modules/icmp_utils.lua
+++ b/scripts/lua/modules/icmp_utils.lua
@ -98,4 +98,14 @@ if(trace_script_duration ~= nil) then
  io.write(debug.getinfo(1,'S').source .." executed in ".. (os.clock()-clock_start)*1000 .. " ms\n")
 end

+function icmp_utils.is_suspicious_entropy(e_min, e_max)
+   local diff = e_max - e_min
+   
+   if((e_min < 5) or (e_max >= 6) or (diff > 0.2)) then
+      return true
+   else
+      return false
+   end
+end
+
 return icmp_utils