Re: Cisco vulnerability scanning increase

From: NotPhunny Dude (morriswurm_at_yahoo.com)
Date: 09/06/05

  • Next message: Michele Jordan: "RE: Incident legal plan??"
    Date: Tue, 6 Sep 2005 08:49:43 -0700 (PDT)
    To: incidents@securityfocus.com
    
    

    Thanks for all the feedback. I'm not really worried
    about being vulnerable, as indeed any wise network
    admin turns off the web interface for routers and
    switches. More so, I was worried if my corp was being
    specifically targetted or not. When you see 200+ IP's
    hitting some specific machines on your network, I
    would tend to worry about a potential DoS. From all
    the replies, apparently it is more widespread and not
    just after me. Thanks again.

    - Jack Bristow

    >
    > ----- Original Message -----
    > From: <morriswurm@yahoo.com>
    > To: <incidents@securityfocus.com>
    > Sent: Friday, September 02, 2005 12:17 PM
    > Subject: Cisco vulnerability scanning increase
    >
    >
    > >
    > > We recently picked up a spike in TCP 80 scanning
    > against one of our
    > > netblocks.
    > >
    > > Looking at the payload, it appears to be a Cisco
    > vulnerability scanner.
    > >
    > > /level/16/exec/-///pwd
    > >
    > > Numerous random source IP's across various
    > netblocks, makes it appear to
    > > be bot related potentially. Anyone else seeing
    > this type of activity?
    >
    >

            
                    
    ______________________________________________________
    Click here to donate to the Hurricane Katrina relief effort.
    http://store.yahoo.com/redcross-donate3/


  • Next message: Michele Jordan: "RE: Incident legal plan??"