[184122] in North American Network Operators' Group
Re: Synful Knock questions...
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Sat Sep 26 15:04:09 2015
X-Original-To: nanog@nanog.org
Date: Sat, 26 Sep 2015 22:04:02 +0300
To: Jake Mertel <jake.mertel@ubiquityhosting.com>,
Stephen Fulton <sf@lists.esoteric.ca>
From: Hank Nussbacher <hank@efes.iucc.ac.il>
In-Reply-To: <CAOhg=RyZUTbPrpBbEi0yVU0YjR-==RN=CJkEY8hV73Eg5p9OBQ@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
At 11:42 25/09/2015 -0700, Jake Mertel wrote:
>Looks like Cisco's Talos just released a tool to scan your network for
>indications of the SYNful Knock malware. Details @
>http://talosintel.com/scanner/ .
More details here:
http://blogs.cisco.com/security/talos/synful-scanner
-Hank
>--
>Regards,
>
>Jake Mertel
>Ubiquity Hosting
>
>
>
>*Web: *https://www.ubiquityhosting.com
>*Phone (direct): *1-480-478-1510
>*Mail:* 5350 East High Street, Suite 300, Phoenix, AZ 85054
>
>
>On Wed, Sep 16, 2015 at 7:33 AM, Stephen Fulton <sf@lists.esoteric.ca>
>wrote:
>
> > Follow-up to my own post, Fireeye has code on github:
> >
> > https://github.com/fireeye/synfulknock
> >
> >
> > On 2015-09-16 10:27 AM, Stephen Fulton wrote:
> >
> >> Interesting, anyone have more details on how to construct the scan using
> >> something like nmap?
> >>
> >> -- Stephen
> >>
> >> On 2015-09-16 9:20 AM, Royce Williams wrote:
> >>
> >>> HD Moore just posted the results of a full-Internet ZMap scan. I didn't
> >>> realize that it was remotely detectable.
> >>>
> >>> 79 hosts total in 19 countries.
> >>>
> >>> https://zmap.io/synful/
> >>>
> >>> Royce
> >>>
> >>>