Security Incidents mailing list archives
Re: Cisco vulnerability scanning increase
From: NotPhunny Dude <morriswurm () yahoo com>
Date: Tue, 6 Sep 2005 08:49:43 -0700 (PDT)
Thanks for all the feedback. I'm not really worried about being vulnerable, as indeed any wise network admin turns off the web interface for routers and switches. More so, I was worried if my corp was being specifically targetted or not. When you see 200+ IP's hitting some specific machines on your network, I would tend to worry about a potential DoS. From all the replies, apparently it is more widespread and not just after me. Thanks again. - Jack Bristow
----- Original Message ----- From: <morriswurm () yahoo com> To: <incidents () securityfocus com> Sent: Friday, September 02, 2005 12:17 PM Subject: Cisco vulnerability scanning increaseWe recently picked up a spike in TCP 80 scanningagainst one of ournetblocks. Looking at the payload, it appears to be a Ciscovulnerability scanner./level/16/exec/-///pwd Numerous random source IP's across variousnetblocks, makes it appear tobe bot related potentially. Anyone else seeingthis type of activity?
______________________________________________________ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/
Current thread:
- Cisco vulnerability scanning increase morriswurm (Sep 02)
- Re: Cisco vulnerability scanning increase Joshua Hamor (Sep 02)
- <Possible follow-ups>
- RE: Cisco vulnerability scanning increase nms (Sep 02)
- RE: Cisco vulnerability scanning increase Jose Nazario (Sep 03)
- RE: Cisco vulnerability scanning increase Smith, Brad (Sep 02)
- Re: Cisco vulnerability scanning increase NotPhunny Dude (Sep 06)