Security Incidents mailing list archives

RE: Cisco vulnerability scanning increase

From: "Smith, Brad" <brad.smith () saskeds com>
Date: Fri, 2 Sep 2005 15:21:21 -0600

Yes we are seeing it in Saskatchewan Canada as well. We checked with our ISP and they said that they were not 
vulnerable to this attack. It looks like the routers need to have the webserver active on them for this to work.

________________________________

From: morriswurm () yahoo com [mailto:morriswurm () yahoo com]
Sent: Fri 9/2/2005 10:17 AM
To: incidents () securityfocus com
Subject: Cisco vulnerability scanning increase

We recently picked up a spike in TCP 80 scanning against one of our netblocks.

Looking at the payload, it appears to be a Cisco vulnerability scanner.

 /level/16/exec/-///pwd

Numerous random source IP's across various netblocks, makes it appear to be bot related potentially. Anyone else seeing 
this type of activity?

Current thread:

Cisco vulnerability scanning increase morriswurm (Sep 02)
- Re: Cisco vulnerability scanning increase Joshua Hamor (Sep 02)
- <Possible follow-ups>
- RE: Cisco vulnerability scanning increase nms (Sep 02)
  - RE: Cisco vulnerability scanning increase Jose Nazario (Sep 03)
- RE: Cisco vulnerability scanning increase Smith, Brad (Sep 02)
- Re: Cisco vulnerability scanning increase NotPhunny Dude (Sep 06)