I’ve ran a hopper assessment but our internal firewall alerted of a spoofed request from an internal ip address. The ip address could not be resolved. The victim machine then started SYN FLOOD. We found only cymulate agent was communicating with the local ip address that sent spoofed request. I couldn’t find that ip address anywhere in the assessment report either.
Am I missing something here? Anyone with similar experience?
Best answer by nirs
View original
+2
I’ve ran a hopper assessment but our internal firewall alerted of a spoofed request from an internal ip address. The ip address could not be resolved. The victim machine then started SYN FLOOD. We found only cymulate agent was communicating with the local ip address that sent spoofed request. I couldn’t find that ip address anywhere in the assessment report either.
Am I missing something here? Anyone with similar experience?
Hello
If the LLMNR poisoner was used during the assessment, it could be related to Hopper. Could you please open a support ticket, providing details on the alert and request? We'll extract agent logs and conduct an investigation if necessary.
Regards,
Nir Stolarsky
Product Manager
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
