sigma medium Hunting
Cisco Denial of Service
Detect a system being shut down or put into a different boot mode
Detection Query
keywords:
    - shutdown
    - config-register 0x2100
    - config-register 0x2142
condition: keywords
Author
Austin Clark
Created
2019-08-15
Data Sources
ciscoaaa
Platforms
cisco
Tags
attack.impact attack.t1495 attack.t1529 attack.t1565.001
Raw Content
title: Cisco Denial of Service
id: d94a35f0-7a29-45f6-90a0-80df6159967c
status: test
description: Detect a system being shutdown or put into different boot mode
author: Austin Clark
date: 2019-08-15
modified: 2023-01-04
tags:
    - attack.impact
    - attack.t1495
    - attack.t1529
    - attack.t1565.001
logsource:
    product: cisco
    service: aaa
detection:
    keywords:
        - 'shutdown'
        - 'config-register 0x2100'
        - 'config-register 0x2142'
    condition: keywords
falsepositives:
    - Legitimate administrators may run these commands, though rarely.
level: medium