Re: Cisco vulnerability scanning increase
From: NotPhunny Dude (morriswurm_at_yahoo.com)
Date: Tue, 6 Sep 2005 08:49:43 -0700 (PDT) To: firstname.lastname@example.org
Thanks for all the feedback. I'm not really worried
about being vulnerable, as indeed any wise network
admin turns off the web interface for routers and
switches. More so, I was worried if my corp was being
specifically targetted or not. When you see 200+ IP's
hitting some specific machines on your network, I
would tend to worry about a potential DoS. From all
the replies, apparently it is more widespread and not
just after me. Thanks again.
- Jack Bristow
> ----- Original Message -----
> From: <email@example.com>
> To: <firstname.lastname@example.org>
> Sent: Friday, September 02, 2005 12:17 PM
> Subject: Cisco vulnerability scanning increase
> > We recently picked up a spike in TCP 80 scanning
> against one of our
> > netblocks.
> > Looking at the payload, it appears to be a Cisco
> vulnerability scanner.
> > /level/16/exec/-///pwd
> > Numerous random source IP's across various
> netblocks, makes it appear to
> > be bot related potentially. Anyone else seeing
> this type of activity?
Click here to donate to the Hurricane Katrina relief effort.