Post · bonfire.cafe

Post

Ruh roh. That feeling when you get the Google "we detected unusual activity from your computer or network" page and wonder if some IoT device on your network got popped...

Anyone know how to scan my network for #Kimwolf? (I don't THINK I have any old Android TVs but it's the big one of the moment I'm aware of...)

#CyberSec #Botnet

Fritz Adalis

@FritzAdalis@infosec.exchange replied · 2 weeks ago

@tim @catsalad
My go-to is usually nmap. It doesn't show infections and isn't really a vuln scanner but it's hard to beat for getting an inventory of what's connected. If you're not familiar, try e.g.:
nmap -sS -A 192.168.2.1-254

Add -v for more info.

Jérôme Meyer

@jmeyer@infosec.exchange replied · 4 weeks ago

@tim https://synthient.com/check and https://spur.us/context/me
Not specific to Kimwolf but to residential proxies in general.

https://spur.us/context/me

AMS

@AMS@infosec.exchange replied · 4 weeks ago

@tim Greynoise has a self check if their honeypot network saw anything. https://check.labs.greynoise.io/

Usually I get that from google when they don't like my adblocker.

Cat 🐈🥗 (D.Burch) :paw:⁠:paw:

@catsalad@infosec.exchange replied · 2 weeks ago

@AMS @tim Yeah, I've seen that while fiddling with my adblock and NoScript settings.

Almost like the ad company hates adblock, or something.

Tim W RESISTS

@tim@union.place replied · 4 weeks ago

Or a non-snake-oil "scan my local network" tool in general?

emerssso

@emerssso@union.place replied · 4 weeks ago

@tim I've used the free tier of Nessus to run scans on my network. Kind of a pain to set up, but it did tag some vulns in some of my IoT stuff that was medium useful.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.7 no JS en

Automatic federation enabled