[179386] in North American Network Operators' Group
RE: Cisco/Level3 takedown
daemon@ATHENA.MIT.EDU (Josh Luthman)
Thu Apr 9 19:58:29 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <9578293AE169674F9A048B2BC9A081B401BFB0BCE5@MUNPRDMBXA1.medline.com>
Date: Thu, 9 Apr 2015 19:56:26 -0400
From: Josh Luthman <josh@imaginenetworksllc.com>
To: "Naslund, Steve" <SNaslund@medline.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Websites up for me.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Apr 9, 2015 7:55 PM, "Naslund, Steve" <SNaslund@medline.com> wrote:
> Can anyone else get to http://blogs.cisco.com ? I can't seem to reach
> it and was wondering if there was a counterattack of some type. Traceroute
> takes me to Rackspace in Dallas but the web site is not up.
>
> Steven Naslund
> Chicago IL
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Christopher
> Morrow
> Sent: Thursday, April 09, 2015 10:48 AM
> To: Sameer Khosla
> Cc: nanog@nanog.org
> Subject: Re: Cisco/Level3 takedown
>
> On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skhosla@neutraldata.com>
> wrote:
> > Was just reading http://blogs.cisco.com/security/talos/sshpsychos then
> checking my routing tables.
> >
> > Looks like the two /23's they mention are now being advertised as /24's,
> and I'm also not sure why cisco published the ssh attack dictionary.
> >
> > It seems to me that this is something that if they want to do, they
> should be working with entire service provider community, not just one
> provider.
>
> are you sure they aren't engaged with a wider SP community?
> (the dictionary seems relevant for: "Oh crap, my root account DOES have
> password123 as the password :(")
>
