RE: Cisco vulnerability scanning increase

nms_at_metafore.ca
Date: 09/03/05

  • Next message: Smith, Brad: "RE: Cisco vulnerability scanning increase"
    To: <incidents@securityfocus.com>
    Date: Fri, 2 Sep 2005 18:44:11 -0400
    
    

    Yup have noticed it here as well. Several hundred source IPs now, last
    couple of days... getting rather annoying. had to lower the sev. on the IDS
    systems to stop from sending me pages for every incident.

    ---------------------------------------------------
    Paul W. Smith
    Senior Network Operations Engineer
    MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, CLA, CRA, BCCA, JNCIA-FWV
    Enterprise Services
    Metafore Corporation
    Direct: 905.362.8300 x 7366
    Cell: 416.271.6937
    Toll Free: 800.563.7515 x 7366
    psmith@metafore.ca
    http://www.metafore.ca
    M E T A F O R E
    IT SOLUTIONS
    real people----o
    o----real results
    ----------------------------------------------------

    morriswurm@yahoo.com
    09/02/2005 12:17 PM

    To
    incidents@securityfocus.com
    cc
    Subject
    Cisco vulnerability scanning increase

    We recently picked up a spike in TCP 80 scanning against one of our
    netblocks.
    Looking at the payload, it appears to be a Cisco vulnerability scanner.
    /level/16/exec/-///pwd
    Numerous random source IP's across various netblocks, makes it appear to be
    bot related potentially. Anyone else seeing this type of activity?


  • Next message: Smith, Brad: "RE: Cisco vulnerability scanning increase"