[nsp-sec] Vague query for the group
Rob Thomas
robt at cymru.com
Fri Oct 14 17:15:09 EDT 2011
Hi, team.
A friend of mine hit me up with an interesting query. He is doing
some research on a sort of surreptitious netcrawler. It seems to be
very open-ended; it is capable of looking for any programmable endpoint
(e.g. TCP, UDP, you name it). It is also very, very subtle. It isn't
likely to trigger the usual detection methods.
I realize this is very vague, and unfortunately this is all I have to go
on. I don't have any flows, network traces, etc. If any of this sounds
even vaguely familiar, please ping me offlist.
Thanks!
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
"Say little and do much." M Avot 1:15
More information about the nsp-security
mailing list