LoFP LoFP / t1046

t1046

TitleTags
as the script block is a blob of text. false positive may occur with scripts that contain the keyword as a reference or simply use it for detection.
internal vulnerability scanners will trigger this detection.
legitimate administration activities
legitimate administrative use
legitimate administrator activity
legitimate python scripts using the socket library or similar will trigger this. apply additional filters and perform an initial baseline before deploying.
some normal use of this command may originate from security engineers and network or server administrators, but this is usually not routine or unannounced. use of `nping` by non-engineers or ordinary users is uncommon.
tools with similar commandline (very rare)
unlikely