Security Incidents mailing list archives
RE: Cisco vulnerability scanning increase
From: <nms () metafore ca>
Date: Fri, 2 Sep 2005 18:44:11 -0400
Yup have noticed it here as well. Several hundred source IPs now, last couple of days... getting rather annoying. had to lower the sev. on the IDS systems to stop from sending me pages for every incident. --------------------------------------------------- Paul W. Smith Senior Network Operations Engineer MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, CLA, CRA, BCCA, JNCIA-FWV Enterprise Services Metafore Corporation Direct: 905.362.8300 x 7366 Cell: 416.271.6937 Toll Free: 800.563.7515 x 7366 psmith () metafore ca http://www.metafore.ca M E T A F O R E IT SOLUTIONS real people----o o----real results ---------------------------------------------------- morriswurm () yahoo com 09/02/2005 12:17 PM To incidents () securityfocus com cc Subject Cisco vulnerability scanning increase We recently picked up a spike in TCP 80 scanning against one of our netblocks. Looking at the payload, it appears to be a Cisco vulnerability scanner. /level/16/exec/-///pwd Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing this type of activity?
Current thread:
- Cisco vulnerability scanning increase morriswurm (Sep 02)
- Re: Cisco vulnerability scanning increase Joshua Hamor (Sep 02)
- <Possible follow-ups>
- RE: Cisco vulnerability scanning increase nms (Sep 02)
- RE: Cisco vulnerability scanning increase Jose Nazario (Sep 03)
- RE: Cisco vulnerability scanning increase Smith, Brad (Sep 02)
- Re: Cisco vulnerability scanning increase NotPhunny Dude (Sep 06)