[c-nsp] many 2960-X rebooting today
Brandon Applegate
brandon at burn.net
Fri Mar 16 13:19:19 EDT 2018
> On Mar 16, 2018, at 12:49 PM, Nick Cutting <ncutting at edgetg.com> wrote:
>
> Anyone seen a number of internet facing 2960-X switches restart today?
>
> We have had 3 different clients, 6 different switches all reboot today.
>
> No uptime in common, no code version in common.
>
> One of them has WS-C2960X-24TS-L - Version 15.2(2)E6
>
> The only thing they do have in common is that they have internet IP addresses for MGT - with SSH allowed, locked down to certain public IP's.
>
> Just wondering if this may be the execution of an exploit by a baddie.
>
> Nick
I haven’t - but the first thing that popped into my head was:
https://github.com/Sab0tag3d/SIET
You might want to scan/nmap your switches. I know some folks that got hit with this last year.
--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A
"For thousands of years men dreamed of pacts with demons.
Only now are such things possible."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20180316/6fae3b3b/attachment.sig>
More information about the cisco-nsp
mailing list