Re: Cisco vulnerability scanning increase
From: Joshua Hamor (jhamor_at_cnemedia.mi8.com)
Date: 09/02/05
- Previous message: Chain, David (NA ITRC Team Lead): "RE: SSH compiled with backdoor"
- In reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
- Next in thread: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 02 Sep 2005 13:38:14 -0700 To: morriswurm@yahoo.com
morriswurm@yahoo.com wrote:
>We recently picked up a spike in TCP 80 scanning against one of our netblocks.
>
>Looking at the payload, it appears to be a Cisco vulnerability scanner.
>
> /level/16/exec/-///pwd
>
>Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing this type of activity?
>
>
>
Absolutely. I was wondering what it was myself. Thanks for the clue. My
error log is filled with that and the awstats scanning.
- Previous message: Chain, David (NA ITRC Team Lead): "RE: SSH compiled with backdoor"
- In reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
- Next in thread: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
