Security Incidents mailing list archives

Detecting Cisco IOS probes

From: "Mark Ryan del Moral Talabis" <talabis () gmail com>
Date: Tue, 7 Mar 2006 10:37:27 +0800

Detecting Cisco IOS probes

We have detected activity directed towards Cisco IOS sytems via http.
Most likely, the said activity are probes looking for live Cisco
machines with vulnerable Cisco IOS software accessible via its HTTP
server. Based on the signature of the probes, it seems that the
following tool is being used: cisco scanner v0.2.

Full analysis:
http://www.philippinehoneynet.org/dataarchive.php?date=2006-02-16

Ryan Talabis
Philippine Honeynet Project
http://www.philippinehoneynet.org

Current thread:

Detecting Cisco IOS probes Mark Ryan del Moral Talabis (Mar 06)
- <Possible follow-ups>
- Re: Detecting Cisco IOS probes Fergie (Mar 07)