Security Incidents mailing list archives

Cisco vulnerability scanning increase

From: morriswurm () yahoo com
Date: 2 Sep 2005 16:17:00 -0000


We recently picked up a spike in TCP 80 scanning against one of our netblocks. 

Looking at the payload, it appears to be a Cisco vulnerability scanner.

 /level/16/exec/-///pwd

Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing 
this type of activity?

Current thread:

Cisco vulnerability scanning increase morriswurm (Sep 02)
- Re: Cisco vulnerability scanning increase Joshua Hamor (Sep 02)
- <Possible follow-ups>
- RE: Cisco vulnerability scanning increase nms (Sep 02)
  - RE: Cisco vulnerability scanning increase Jose Nazario (Sep 03)
- RE: Cisco vulnerability scanning increase Smith, Brad (Sep 02)
- Re: Cisco vulnerability scanning increase NotPhunny Dude (Sep 06)