nanog mailing list archives

Re: cisco IOS bug/exploit?

From: Jason Slagle <raistlin () tacorp net>
Date: Mon, 20 Aug 2001 15:38:43 -0400 (EDT)


Were these code red 1, or 2 infected hosts.

Do you have cmd.exe laying anywhere public?

Jason

-- 
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin () tacorp net - jslagle () toledolink com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .  Interim Team Lead - . Admin -
 X  - NO HTML/RTF in e-mail  .        Coders        .   wombat.dal.net
/ \ - NO Word docs in e-mail . Team Lead - Exploits . DALnet IRC Network


On Mon, 20 Aug 2001, mike harrison wrote:

starting saturday night, i noticed that snmp queries were failing to one
or both of the routers at various points.


Saturday Night...
Code Red I infected machines started
flood pinging 65.161.40.42 and 65.161.40.142
Could this have contributed to the wierdness?

Current thread:

cisco IOS bug/exploit? Jim Mercer (Aug 20)
- Re: cisco IOS bug/exploit? Jeff Gehlbach (Aug 20)
- Re: cisco IOS bug/exploit? Barton F Bruce (Aug 20)
  - Re: cisco IOS bug/exploit? Mark Mentovai (Aug 20)
- Re: cisco IOS bug/exploit? mike harrison (Aug 20)
  - Re: cisco IOS bug/exploit? Jason Slagle (Aug 20)