Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Cisco vulnerability scanning increase
From: NotPhunny Dude (morriswurmyahoo.com)
Date: Tue Sep 06 2005 - 10:49:43 CDT
Thanks for all the feedback. I'm not really worried
about being vulnerable, as indeed any wise network
admin turns off the web interface for routers and
switches. More so, I was worried if my corp was being
specifically targetted or not. When you see 200+ IP's
hitting some specific machines on your network, I
would tend to worry about a potential DoS. From all
the replies, apparently it is more widespread and not
just after me. Thanks again.
- Jack Bristow
> ----- Original Message -----
> From: <morriswurmyahoo.com>
> To: <incidentssecurityfocus.com>
> Sent: Friday, September 02, 2005 12:17 PM
> Subject: Cisco vulnerability scanning increase
> > We recently picked up a spike in TCP 80 scanning
> against one of our
> > netblocks.
> > Looking at the payload, it appears to be a Cisco
> vulnerability scanner.
> > /level/16/exec/-///pwd
> > Numerous random source IP's across various
> netblocks, makes it appear to
> > be bot related potentially. Anyone else seeing
> this type of activity?
Click here to donate to the Hurricane Katrina relief effort.