WannaCry Ransomware Advisory
It has been all over the news this weekend: a surge in ransomware under the name 'WannaCry' that has the potential to cripple large portions of networks because of the way it spreads.
This is a pretty stealthy piece of malware at the network level. Little to no CnC has been confirmed, but at an individual level it doesn't behave much differently from any other ransomware that we have seen in ...
Watch your MACs
We added a feature to alert you whenever a new MAC address is seen by the system. The system learns about MAC addresses either by analyzing the DHCP protocol or by finding new MAC addresses in the normal network traffic (if you are mirroring/spanning the endpoints' MAC addresses).
It generates messages of the form:
Every time the system sees a new MAC address.
We recently added the MAC addresses to the event messages. The system gets the MAC addresses in two orthogonal ways:
We sniff the MAC headers from the passive tap. If the MSS sees more than 5 IP addresses with the same MAC, it stops recording because it means you are mirroring the connection between the switch and the next routing hop (probably the firewall) where the MAC addresses are not avai...
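The passive-tap rule described above, sketched as an added example (not the product's code). The class and function names, the event labels and the sample addresses are all constructed for illustration, and the sketch assumes the "more than 5 IP addresses" cutoff is applied per MAC address, which the post does not spell out.

```python
from collections import defaultdict

MAX_IPS_PER_MAC = 5  # from the post: more than 5 IPs behind one MAC stops recording


class MacLearner:
    """Hypothetical passive MAC learner fed with (source MAC, source IP) pairs."""

    def __init__(self, max_ips=MAX_IPS_PER_MAC):
        self.max_ips = max_ips
        self.ips_by_mac = defaultdict(set)  # mac -> source IPs seen with it
        self.suppressed = set()             # MACs treated as a routing hop

    def observe(self, mac, ip):
        """Return 'new_mac', 'suppressed' or None for one observed frame."""
        mac = mac.lower()
        if mac in self.suppressed:
            return None                     # already judged to be a router/firewall
        is_new = mac not in self.ips_by_mac
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > self.max_ips:
            # Assumption: the cutoff is per MAC. Many IPs behind one MAC means
            # the tap sees routed traffic, so this MAC says nothing about endpoints.
            self.suppressed.add(mac)
            del self.ips_by_mac[mac]
            return "suppressed"
        return "new_mac" if is_new else None

    def known_macs(self):
        return sorted(self.ips_by_mac)


def run_sample():
    """Replay constructed observations: two endpoints and one next-hop MAC."""
    frames = [
        ("AA:BB:CC:00:00:01", "10.0.0.11"),
        ("aa:bb:cc:00:00:01", "10.0.0.11"),   # same endpoint again, no alert
        ("aa:bb:cc:00:00:02", "10.0.0.12"),
    ]
    # Constructed next-hop MAC carrying traffic for seven different source IPs.
    frames += [("02:00:00:00:00:fe", f"192.0.2.{n}") for n in range(1, 8)]
    learner = MacLearner()
    events = [learner.observe(mac, ip) for mac, ip in frames]
    return learner, events
```

Note that the next-hop MAC still raises one `new_mac` alert on first sight, before the sixth IP marks it as suppressed.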