Synful Knock questions...

Hank Nussbacher hank at efes.iucc.ac.il
Sat Sep 26 19:04:02 UTC 2015


At 11:42 25/09/2015 -0700, Jake Mertel wrote:

>Looks like Cisco's Talos just released a tool to scan your network for
>indications of the SYNful Knock malware. Details @
>http://talosintel.com/scanner/ .

More details here:
http://blogs.cisco.com/security/talos/synful-scanner

-Hank




>--
>Regards,
>
>Jake Mertel
>Ubiquity Hosting
>
>
>
>*Web: *https://www.ubiquityhosting.com
>*Phone (direct): *1-480-478-1510
>*Mail:* 5350 East High Street, Suite 300, Phoenix, AZ 85054
>
>
>On Wed, Sep 16, 2015 at 7:33 AM, Stephen Fulton <sf at lists.esoteric.ca>
>wrote:
>
> > Follow-up to my own post, FireEye has code on GitHub:
> >
> > https://github.com/fireeye/synfulknock
> >
> >
> > On 2015-09-16 10:27 AM, Stephen Fulton wrote:
> >
> >> Interesting, anyone have more details on how to construct the scan using
> >> something like nmap?
> >>
> >> -- Stephen
> >>
> >> On 2015-09-16 9:20 AM, Royce Williams wrote:
> >>
> >>> HD Moore just posted the results of a full-Internet ZMap scan.  I didn't
> >>> realize that it was remotely detectable.
> >>>
> >>> 79 hosts total in 19 countries.
> >>>
> >>> https://zmap.io/synful/
> >>>
> >>> Royce
> >>>
> >>>



