Sorry, I’m getting it now too. False alarm. Steve From: Josh Luthman [mailto:josh@imaginenetworksllc.com] Sent: Thursday, April 09, 2015 6:56 PM To: Naslund, Steve Cc: NANOG list Subject: RE: Cisco/Level3 takedown Websites up for me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Apr 9, 2015 7:55 PM, "Naslund, Steve" <SNaslund@medline.com<mailto:SNaslund@medline.com>> wrote: Can anyone else get to http://blogs.cisco.com ? I can't seem to reach it and was wondering if there was a counterattack of some type. Traceroute takes me to Rackspace in Dallas but the web site is not up. Steven Naslund Chicago IL -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org<mailto:nanog-bounces@nanog.org>] On Behalf Of Christopher Morrow Sent: Thursday, April 09, 2015 10:48 AM To: Sameer Khosla Cc: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Re: Cisco/Level3 takedown On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skhosla@neutraldata.com<mailto:skhosla@neutraldata.com>> wrote:
Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables.
Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictionary.
It seems to me that this is something that if they want to do, they should be working with entire service provider community, not just one provider.
are you sure they aren't engaged with a wider SP community? (the dictionary seems relevant for: "Oh crap, my root account DOES have password123 as the password :(")