nanog mailing list archives
RE: Working vulnerability? (Cisco exploit)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 18 Jul 2003 16:15:52 +0000 (GMT)
On Fri, 18 Jul 2003 jlewis () lewis org wrote:
On Fri, 18 Jul 2003, Ben Buxton wrote:It's released and it works - I have verified it in a lab here.And others are trying it in the field now. I setup the recommended transit ACLs yesterday. Starting at 9:25am EDT this morning, those ACLs started getting hits. What doesn't make sense to me is according to the advisory, the packets have to be destined for the router to crash it (not just passed through it), but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking?
Is there wide spread use of the protocol 55? (IP Mobility) There seems to be alot of that around, more than I'd have expected :)
Current thread:
- RE: Working vulnerability? (Cisco exploit) Ben Buxton (Jul 18)
- RE: Working vulnerability? (Cisco exploit) jlewis (Jul 18)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Matthew Watkins (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 19)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 18)
- RE: Working vulnerability? (Cisco exploit) jlewis (Jul 18)
- RE: Working vulnerability? (Cisco exploit) Christopher L. Morrow (Jul 18)
- <Possible follow-ups>
- RE: Working vulnerability? (Cisco exploit) Ben Buxton (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Steve Francis (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Rob Thomas (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)