Re: Cisco vulnerability scanning increase
From: Joshua Hamor (jhamor_at_cnemedia.mi8.com)
Date: Fri, 02 Sep 2005 13:38:14 -0700 To: firstname.lastname@example.org
>We recently picked up a spike in TCP 80 scanning against one of our netblocks.
>Looking at the payload, it appears to be a Cisco vulnerability scanner.
>Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing this type of activity?
Absolutely. I was wondering what it was myself. Thanks for the clue. My
error log is filled with that and the awstats scanning.