[179355] in North American Network Operators' Group
Re: Cisco/Level3 takedown
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Apr 9 11:47:43 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <49A81EB09F493442B6D259E36251192C0171991E52@ndcc-exch1.neutraldata.com>
Date: Thu, 9 Apr 2015 11:47:36 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Sameer Khosla <skhosla@neutraldata.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skhosla@neutraldata.com> wrote:
> Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables.
>
> Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictionary.
>
> It seems to me that this is something that if they want to do, they should be working with entire service provider community, not just one provider.
are you sure they aren't engaged with a wider SP community?
(the dictionary seems relevant for: "Oh crap, my root account DOES
have password123 as the password :(")
