Solved

Does Hopper Assessment send spoofed requests?

  • 18 December 2023


I’ve run a Hopper assessment, but our internal firewall alerted on a spoofed request from an internal IP address. The IP address could not be resolved. The victim machine then started a SYN flood. We found that only the Cymulate agent was communicating with the local IP address that sent the spoofed request. I couldn’t find that IP address anywhere in the assessment report either.

Am I missing something here? Anyone with similar experience?


Best answer by nirs 19 December 2023, 14:32


1 reply


Hello @nithun_chand,
If the LLMNR poisoner was used during the assessment, it could be related to Hopper. Could you please open a support ticket, providing details on the alert and request? We'll extract agent logs and conduct an investigation if necessary.

Regards,
Nir Stolarsky
Product Manager
