Intrusion Prevention

Cisco.SYNful.Knock

Description

This indicates that a system might be infected by the Cisco SYNful Knock malware.
SYNful Knock is malware that is implanted into Cisco firmware images. Users who execute the images will be infected, leading to a persistent presence within the victim's network.

Affected Products

Cisco Routers

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

If required, the signature's action can be set to "Block".
Refer to the vendor's advisory for updates:
http://www.cisco.com/web/about/security/intelligence/ERP_SYNfulKnock.html