nanog mailing list archives
Re: Possible Sudden Uptick in ASA DOS?
From: Colin Johnston <colinj () gt86car org uk>
Date: Thu, 9 Jul 2015 15:09:35 +0100
you would think a researcher would stop once he realised effect being caused ? Colin
On 9 Jul 2015, at 14:08, Jared Mauch <jared () puck nether net> wrote: My guess is a researcher. We saw the same issue in the past with a Cisco microcode bug and people doing ping record route. When it went across a LC with a very specific set of software it would crash. If you crashed just upgrade your code, don't hide behind blocking an IP as people now know what to send/do. It won't be long. Jared MauchOn Jul 9, 2015, at 7:44 AM, Colin Johnston <colinj () gt86car org uk> wrote: Hi Jared, thanks for update do you know provider/source ip of the source of the attack ? ColinOn 9 Jul 2015, at 12:27, Jared Mauch <jared () puck nether net> wrote: Really just people not patching their software after warnings more than six months ago: July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4 address. Cisco has engaged the provider and owner of that device and determined that the traffic was sent with no malicious intent. Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. Jared MauchOn Jul 8, 2015, at 1:15 PM, Michel Luczak <frnog () shrd fr> wrote:On 08 Jul 2015, at 18:58, Mark Mayfield <Mark.Mayfield () cityofroseville com> wrote: Come in this morning to find one failover pair of ASA's had the primary crash and failover, then a couple hours later, the secondary crash and failover, back to the primary.Not sure it’s related but I’ve read reports on FRNoG of ASAs crashing as well, seems related to a late leap second related issue. Regards, Michel
Current thread:
- Possible Sudden Uptick in ASA DOS? Mark Mayfield (Jul 08)
- Re: Possible Sudden Uptick in ASA DOS? Hugo Slabbert (Jul 08)
- Re: Possible Sudden Uptick in ASA DOS? Michel Luczak (Jul 08)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Colin Johnston (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Colin Johnston (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Christopher Morrow (Jul 09)
- RE: Possible Sudden Uptick in ASA DOS? Chuck Church (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Mark Andrews (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 10)
- RE: Possible Sudden Uptick in ASA DOS? Chuck Church (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Ricky Beam (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Nick Hilliard (Jul 09)