RE: Cisco vulnerability scanning increase
From: Smith, Brad (brad.smith_at_saskeds.com)
Date: 09/02/05
- Previous message: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"
- Maybe in reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
- Next in thread: NotPhunny Dude: "Re: Cisco vulnerability scanning increase"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 Sep 2005 15:21:21 -0600 To: <morriswurm@yahoo.com>, <incidents@securityfocus.com>
Yes we are seeing it in Saskatchewan Canada as well. We checked with our ISP and they said that they were not vulnerable to this attack. It looks like the routers need to have the webserver active on them for this to work.
________________________________
From: morriswurm@yahoo.com [mailto:morriswurm@yahoo.com]
Sent: Fri 9/2/2005 10:17 AM
To: incidents@securityfocus.com
Subject: Cisco vulnerability scanning increase
We recently picked up a spike in TCP 80 scanning against one of our netblocks.
Looking at the payload, it appears to be a Cisco vulnerability scanner.
/level/16/exec/-///pwd
Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing this type of activity?
- Previous message: nms_at_metafore.ca: "RE: Cisco vulnerability scanning increase"
- Maybe in reply to: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
- Next in thread: NotPhunny Dude: "Re: Cisco vulnerability scanning increase"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
