back to article FYI: Someone's scanning gateways, looking for those security holes Citrix told you not to worry too much about

This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. The sweeps could be made by researchers documenting at-risk organizations, or could …

  1. HildyJ Silver badge

    And I'm supposed to be surprised

    It's news and should be reported.

    But, really, didn't we all see this coming when ElReg reported the original story yesterday?

    1. Version 1.0 Silver badge

      Re: And I'm supposed to be surprised

      It would be very suspicious if there was a report that nobody was scanning gateways.

  2. tip pc Silver badge


    Maybe it’s a bug in the ipv6 implementation as shown in the vid.

  3. Steve Graham

    OK, software has bugs, but...

    "POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd"

    A file download API that allows access to any part of the filesystem? Astonishing stupidity.

    1. sabroni Silver badge

      Re: A file download API that allows access to any part of the filesystem?

      An api that attempts to access what you ask it to? What's wrong with that? Shouldn't the file system be the thing that says "You don't have permission to look at that"?

      The api should control who's allowed to call it, but it shouldn't be policing the file system.

      1. Surreal

        Re: A file download API that allows access to any part of the filesystem?

        I don't think it's a problem with the API, or the filesystem. Someone totally dropped the ball on sanitizing input parameters.

        I imagine that little Bobby Tables would be very disappointed.

  4. Anonymous Coward
    Anonymous Coward

    Why not just use Linux?

    It feels as though these days you'd be better off with a vanilla Linux distro at your perimeter.

    Sure custom boxes are wizzy and fun, but even if they are 20% more efficient maybe spend more money on 20% better hardware. You should at least separate the physical box with 200 ethernet connections from the huge mass of unnecessary "features" that lives embedded in these things by default.

  5. NonSSL-Login

    Scout Motto - Be Prepared

    Even if there is no current exploit for a new vulnerability just published, pre-scanning the net with Masscan for possible targets gives you a fresh clean list to run an exploit against if one appears shortly after. Allowing to you mass pwn much faster when then time arises using your lean list of pre-fingerprinted targets and a potentially more complete list than Shodan.

  6. adam payne

    I can't say i'm shocked that people are trying to exploit this already. I thought that was par for the course.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021