There are a couple of well-known holes in the CSS (nee ArrowPoint).

http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml

You might want to contact the party responsible for these devices and have them check them.

---Matthew

*********** REPLY SEPARATOR ***********

On 9/28/2001 at 2:04 PM Heather Adkins wrote:

>According to your banner, that host is an Arrowpoint (AKA a Cisco CSS)
>switch.
>
>Port 5001 is the default port for the Application Peering Protocol. It
>allows switches to communicate to each other to share content information
>(like content rules).
>
>I highly doubt your switch has been compromised.
>
>-- Heather Adkins
>-- Security Engineer
>-- NOCpulse, INC.
>-- 408.541.2857
>
>On Fri, 28 Sep 2001, Chad Mawson wrote:
>
>> I vaguely remember seeing something about this a month or so ago, but I
>> don't remember any details. I am getting attempts 1-2 times a day from
>> different IP addresses on TCP port 22.
>>
>> nmap returns this:
>>
>> Port    State     Protocol  Service
>> 21      open      tcp       ftp
>> 22      open      tcp       ssh
>> 23      open      tcp       telnet
>> 80      filtered  tcp       http
>> 5001    open      tcp       commplex-link
>>
>> I can't get a telnet, or http response, but ssh and ftp do. FTP - (not
>> trying to log in, just getting the headers) shows:
>>
>> 220 ArrowPoint (5.3.1) FTP server ready
>> Name (216.34.77.12:root):
>> 331 Password required
>> Password:
>> 530 Login failed.
>> Login failed.
>> ftp> quit
>> 221 Thank you for visiting. May the remainder of your day be filled with joy.
>>
>> I also can't find any good info on the port 5001, I'm assuming these
>> systems have been compromised, but I'd like to make sure before I start
>> trying to contact anyone.
>>
>> Thanks
>>
>> Chad Mawson
>> Woods & Aitken LLP
>>
>> ----------------------------------------------------------------------------
>> This list is provided by the SecurityFocus ARIS analyzer service.
>> For more information on this free incident handling, management
>> and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 14:19:47 PDT