Synful Knock questions...
Jake Mertel
jake.mertel at ubiquityhosting.com
Fri Sep 25 18:42:54 UTC 2015
Looks like Cisco's Talos just released a tool to scan your network for
indications of the SYNful Knock malware. Details @
http://talosintel.com/scanner/ .
--
Regards,
Jake Mertel
Ubiquity Hosting
*Web: *https://www.ubiquityhosting.com
*Phone (direct): *1-480-478-1510
*Mail:* 5350 East High Street, Suite 300, Phoenix, AZ 85054
On Wed, Sep 16, 2015 at 7:33 AM, Stephen Fulton <sf at lists.esoteric.ca>
wrote:
> Follow-up to my own post, Fireeye has code on github:
>
> https://github.com/fireeye/synfulknock
>
>
> On 2015-09-16 10:27 AM, Stephen Fulton wrote:
>
>> Interesting, anyone have more details on how to construct the scan using
>> something like nmap?
>>
>> -- Stephen
>>
>> On 2015-09-16 9:20 AM, Royce Williams wrote:
>>
>>> HD Moore just posted the results of a full-Internet ZMap scan. I didn't
>>> realize that it was remotely detectable.
>>>
>>> 79 hosts total in 19 countries.
>>>
>>> https://zmap.io/synful/
>>>
>>> Royce
>>>
>>>
More information about the NANOG
mailing list