nanog mailing list archives

RE: Cisco/Level3 takedown

From: "Naslund, Steve" <SNaslund () medline com>
Date: Thu, 9 Apr 2015 23:53:44 +0000

Can anyone else get to http://blogs.cisco.com  ?  I can't seem to reach it and was wondering if there was a 
counterattack of some type.  Traceroute takes me to Rackspace in Dallas but the web site is not up.

Steven Naslund
Chicago IL

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Christopher Morrow
Sent: Thursday, April 09, 2015 10:48 AM
To: Sameer Khosla
Cc: nanog () nanog org
Subject: Re: Cisco/Level3 takedown

On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skhosla () neutraldata com> wrote:

Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables.

Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published 
the ssh attack dictionary.

It seems to me that this is something that if they want to do, they should be working with entire service provider 
community, not just one provider.


are you sure they aren't engaged with a wider SP community?
(the dictionary seems relevant for: "Oh crap, my root account DOES have password123 as the password :(")

Current thread:

Cisco/Level3 takedown Sameer Khosla (Apr 09)
- Re: Cisco/Level3 takedown Christopher Morrow (Apr 09)
  - RE: Cisco/Level3 takedown Naslund, Steve (Apr 09)
    - RE: Cisco/Level3 takedown Josh Luthman (Apr 09)
    - RE: Cisco/Level3 takedown Naslund, Steve (Apr 09)
- Re: Cisco/Level3 takedown Blake Hudson (Apr 09)
  - Re: Cisco/Level3 takedown Steve Noble (Apr 09)
    - macomnet weird dns record Colin Johnston (Apr 14)
    - Re: macomnet weird dns record Nikolay Shopik (Apr 14)
    - Re: macomnet weird dns record Stephane Bortzmeyer (Apr 14)
    - Re: macomnet weird dns record Colin Johnston (Apr 14)
    - Re: macomnet weird dns record Stephane Bortzmeyer (Apr 14)
    - RE: macomnet weird dns record Chuck Church (Apr 14)

(Thread continues...)