Thanks we have disabled this now - It is in our new build script, these were rolled out a few months ago.
I guess there is no way of seeing if this exploit was executed, perhaps in the crashdump somewhere? -----Original Message----- From: cisco-nsp [mailto:[email protected]] On Behalf Of Brandon Applegate Sent: Friday, March 16, 2018 1:19 PM To: cisco-nsp mailing list <[email protected]> Subject: Re: [c-nsp] many 2960-X rebooting today This message originates from outside of your organisation. > On Mar 16, 2018, at 12:49 PM, Nick Cutting <[email protected]> wrote: > > Anyone seen a number of internet facing 2960-X switches restart today? > > We have had 3 different clients, 6 different switches all reboot today. > > No uptime in common, no code version in common. > > One of them has WS-C2960X-24TS-L - Version 15.2(2)E6 > > The only thing they do have in common is that they have internet IP addresses > for MGT - with SSH allowed, locked down to certain public IP's. > > Just wondering if this may be the execution of an exploit by a baddie. > > Nick I haven’t - but the first thing that popped into my head was: https://github.com/Sab0tag3d/SIET You might want to scan/nmap your switches. I know some folks that got hit with this last year. -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A "For thousands of years men dreamed of pacts with demons. Only now are such things possible." _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
