Cisco.SYNful.Knock
Description
This indicates that a system might be infected by Cisco SYNful Knock Malware.
SYNful Knock is malware that is implanted into Cisco firmware images. Users who run the modified images will be infected, leading to a persistent presence within the victim's network.
Affected Products
Cisco Routers
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Refer to the vendor's advisory for updates:
http://www.cisco.com/web/about/security/intelligence/ERP_SYNfulKnock.html
Coverage
IPS (Regular DB)
IPS (Extended DB)