[lug] Possible DOS on CIsco 675

D. Stimits stimits at idcomm.com
Thu Jul 19 14:59:33 MDT 2001


Chip Atkinson wrote:
> 
> Yes, it sure looks like it was the same thing.  The 675 is still up I
> might add.  I suspect that there are one or two people who found out how
> to do this DOS and are going through all sorts of addresses now.

"All sorts" is an understatement...I'm now getting new hits from
previously unseen ip's about once each 15 seconds. All port 80. Until
now the biggest hit was port 111.

D. Stimits, stimits at idcomm.com

> 
> Scott A. Herod wrote:
> 
> > That's the one mentioned in the mailing list article that Michael
> > sent out.
> >
> > http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26mid%3D197992%26threads%3D0%26end%3D2001-07-21%26fromthread%3D0%26
> >
> > Chip Atkinson wrote:
> >
> >> Greetings,
> >>
> >> This morning my 675 kept going down and would require a power cycle to
> >> restore it.  A little web search indicated that it's possible to kill
> >> the 675 through the web interface.  I disabled the web interface and the
> >> 675 hasn't gone down since.  I suspect that the 675 was being DOSed.
> >> Here's a link to the page I found:
> >> http://security-archive.merton.ox.ac.uk/bugtraq-200011/0393.html
> >>
> >> Chip
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list