I’ve ran a hopper assessment but our internal firewall alerted of a spoofed request from an internal ip address. The ip address could not be resolved. The victim machine then started SYN FLOOD. We found only cymulate agent was communicating with the local ip address that sent spoofed request. I couldn’t find that ip address anywhere in the assessment report either.
Am I missing something here? Anyone with similar experience?
Best answer by nirs
View original