> On Mar 16, 2018, at 12:49 PM, Nick Cutting <[email protected]> wrote: > > Anyone seen a number of internet facing 2960-X switches restart today? > > We have had 3 different clients, 6 different switches all reboot today. > > No uptime in common, no code version in common. > > One of them has WS-C2960X-24TS-L - Version 15.2(2)E6 > > The only thing they do have in common is that they have internet IP addresses > for MGT - with SSH allowed, locked down to certain public IP's. > > Just wondering if this may be the execution of an exploit by a baddie. > > Nick
I haven’t - but the first thing that popped into my head was: https://github.com/Sab0tag3d/SIET You might want to scan/nmap your switches. I know some folks that got hit with this last year. -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A "For thousands of years men dreamed of pacts with demons. Only now are such things possible."
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
