RE: Cisco vulnerability scanning increase

• Previous message: Joshua Hamor: "Re: Cisco vulnerability scanning increase"
• Maybe in reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
• Next in thread: Jose Nazario: "RE: Cisco vulnerability scanning increase"
• Reply: Jose Nazario: "RE: Cisco vulnerability scanning increase"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <incidents@securityfocus.com>
Date: Fri, 2 Sep 2005 18:44:11 -0400

Yup have noticed it here as well. Several hundred source IPs now, last
couple of days... getting rather annoying. had to lower the sev. on the IDS
systems to stop from sending me pages for every incident.

---------------------------------------------------
Paul W. Smith
Senior Network Operations Engineer
MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, CLA, CRA, BCCA, JNCIA-FWV
Enterprise Services
Metafore Corporation
Direct: 905.362.8300 x 7366
Cell: 416.271.6937
Toll Free: 800.563.7515 x 7366
psmith@metafore.ca
http://www.metafore.ca
M E T A F O R E
IT SOLUTIONS
real people----o
o----real results
----------------------------------------------------

morriswurm@yahoo.com
09/02/2005 12:17 PM

To
incidents@securityfocus.com
cc
Subject
Cisco vulnerability scanning increase

We recently picked up a spike in TCP 80 scanning against one of our
netblocks.
Looking at the payload, it appears to be a Cisco vulnerability scanner.
/level/16/exec/-///pwd
Numerous random source IP's across various netblocks, makes it appear to be
bot related potentially. Anyone else seeing this type of activity?

• Previous message: Joshua Hamor: "Re: Cisco vulnerability scanning increase"
• Maybe in reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
• Next in thread: Jose Nazario: "RE: Cisco vulnerability scanning increase"
• Reply: Jose Nazario: "RE: Cisco vulnerability scanning increase"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]