Re: Cisco vulnerability scanning increase

From: Joshua Hamor (jhamor_at_cnemedia.mi8.com)
Date: 09/02/05

  • Next message: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"
    Date: Fri, 02 Sep 2005 13:38:14 -0700
    To: morriswurm@yahoo.com
    
    

    morriswurm@yahoo.com wrote:

    >We recently picked up a spike in TCP 80 scanning against one of our netblocks.
    >
    >Looking at the payload, it appears to be a Cisco vulnerability scanner.
    >
    > /level/16/exec/-///pwd
    >
    >Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing this type of activity?
    >
    >
    >
    Absolutely. I was wondering what it was myself. Thanks for the clue. My
    error log is filled with that and the awstats scanning.


  • Next message: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"