At 11:42 25/09/2015 -0700, Jake Mertel wrote:
Looks like Cisco's Talos just released a tool to scan your network for indications of the SYNful Knock malware. Details @ http://talosintel.com/scanner/ .
More details here: http://blogs.cisco.com/security/talos/synful-scanner -Hank
-- Regards,
Jake Mertel Ubiquity Hosting
*Web: *https://www.ubiquityhosting.com *Phone (direct): *1-480-478-1510 *Mail:* 5350 East High Street, Suite 300, Phoenix, AZ 85054
On Wed, Sep 16, 2015 at 7:33 AM, Stephen Fulton <sf@lists.esoteric.ca> wrote:
Follow-up to my own post, Fireeye has code on github:
https://github.com/fireeye/synfulknock
On 2015-09-16 10:27 AM, Stephen Fulton wrote:
Interesting, anyone have more details on how to construct the scan using something like nmap?
-- Stephen
On 2015-09-16 9:20 AM, Royce Williams wrote:
HD Moore just posted the results of a full-Internet ZMap scan. I didn't realize that it was remotely detectable.
79 hosts total in 19 countries.
Royce
participants (1)
-
Hank Nussbacher