Validating command injection vulnerabilities with ICMP traffic