[tforum] RE: [Fwd: Cisco routers attacked]

Bill Parr bparr@cisco.com
Fri, 12 Dec 2003 06:25:56 -0800


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3C0BB.DB1ACD50
Content-Type: text/plain

As a reminder, please register to receive PSIRT updates from Cisco on any
new vulnerabilities:

Subscribing to cust-security-announce@cisco.com
To subscribe to "cust-security-announce@cisco.com," send an e-mail message
to "majordomo@cisco.com" with the single line "subscribe
cust-security-announce" as the entire content of the body of the message.
You will receive confirmation instructions and a list policy statement.

Please remember:

The request must go to "majordomo@cisco.com," not to the
cust-security-announce list itself. 

You must send the message from the account that will be subscribed to the
list. We do not accept subscriptions for one account that are sent from a
second account. 

You must place the "subscribe cust-security-announce" command in the body of
the message, not on the subject line. 
Because many Cisco customers want to see only announcement messages from
Cisco, only certain Cisco employees are authorized to send messages to
cust-security-announce@cisco.com.

There is a separate discussion list, called
"cust-security-discuss@cisco.com," that permits security-related discussions
between Cisco customers.  You can subscribe to
"cust-security-discuss@cisco.com" in the same way that you would subscribe
to "cust-security-announce@cisco.com." Only subscribers are permitted to
send messages to "cust-security-discuss@cisco.com."


Bill

-----Original Message-----
From: Joe Breen [mailto:Joe.Breen@utah.edu] 
Sent: Friday, December 12, 2003 6:40 AM
To: all-managers@lists.utah.edu; tforum@uen.org
Cc: Bill Parr
Subject: [Fwd: Cisco routers attacked]


Old vulnerabilities die hard.  Here is an encouragement to do a security 
maintenance check of your core routing/switching infrastructure. 
School's out and the Christmas script kiddies are already on the prowl.

Happy Holidays,
	--Joe

-------- Original Message --------
Subject: Cisco routers attacked
Date: Fri, 12 Dec 2003 07:38:07 -0500
From: REN-ISAC <dodpears@indiana.edu>
To: abilene-ops-l@LISTSERV.INDIANA.EDU

Complete details are sketchy, but it appears that more than a dozen 
Cisco routers and switches at seven Abilene-connected universities were 
recently taken over via the vulnerability described at:
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html

If your institution has any device running Cisco IOS software release 
greater than 11.3 and less than the fix version (specific to train) it 
would be wise to fix or work around the vulnerability.

Doug Pearson
REN-ISAC

                                 ******
    For administrative requests concerning Abilene-Ops-L, please contact
    noc@abilene.iu.edu.


------_=_NextPart_001_01C3C0BB.DB1ACD50
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">



RE: [Fwd: Cisco routers attacked]



As a reminder, please register to receive PSIRT = updates from Cisco on any new vulnerabilities:

Subscribing to = cust-security-announce@cisco.com
To subscribe to = "cust-security-announce@cisco.com," send an e-mail message to = "majordomo@cisco.com" with the single line "subscribe = cust-security-announce" as the entire content of the body of the = message. You will receive confirmation instructions and a list policy = statement.

Please remember:

The request must go to = "majordomo@cisco.com," not to the cust-security-announce list = itself.

You must send the message from the account that will = be subscribed to the list. We do not accept subscriptions for one = account that are sent from a second account.

You must place the "subscribe = cust-security-announce" command in the body of the message, not on = the subject line.
Because many Cisco customers want to see only = announcement messages from Cisco, only certain Cisco employees are = authorized to send messages to = cust-security-announce@cisco.com.

There is a separate discussion list, called = "cust-security-discuss@cisco.com," that permits = security-related discussions between Cisco customers.  You can = subscribe to "cust-security-discuss@cisco.com" in the same = way that you would subscribe to = "cust-security-announce@cisco.com." Only subscribers are = permitted to send messages to = "cust-security-discuss@cisco.com."


Bill

-----Original Message-----
From: Joe Breen [mailto:Joe.Breen@utah.edu] =
Sent: Friday, December 12, 2003 6:40 AM
To: all-managers@lists.utah.edu; = tforum@uen.org
Cc: Bill Parr
Subject: [Fwd: Cisco routers attacked]


Old vulnerabilities die hard.  Here is an = encouragement to do a security
maintenance check of your core routing/switching = infrastructure.
School's out and the Christmas script kiddies are = already on the prowl.

Happy Holidays,
        --Joe

-------- Original Message --------
Subject: Cisco routers attacked
Date: Fri, 12 Dec 2003 07:38:07 -0500
From: REN-ISAC <dodpears@indiana.edu>
To: abilene-ops-l@LISTSERV.INDIANA.EDU

Complete details are sketchy, but it appears that = more than a dozen
Cisco routers and switches at seven = Abilene-connected universities were
recently taken over via the vulnerability described = at: http://www.cisco.com/warp/public/707/IOS-httplevel-pub= .html

If your institution has any device running Cisco IOS = software release
greater than 11.3 and less than the fix version = (specific to train) it
would be wise to fix or work around the = vulnerability.

Doug Pearson
REN-ISAC

          &nb= sp;           &nb= sp;          ******
    For administrative requests = concerning Abilene-Ops-L, please contact
    noc@abilene.iu.edu.

------_=_NextPart_001_01C3C0BB.DB1ACD50--