I would say it depends on the complexity and probability of it happening accidentally. An incorrect letter (language change perhaps) in a URL that crashes a web server might not be malicious. A crafted ESP or ISAKMP packet that was created in a Linux packet tool and 'randomly' hits your VPN I'd say is no accident. I agree with Jared, patch your stuff when the PSIRTs come out. But whether or not you're patched, if you're attacked, that person still is breaking the law. Think about leaving your car somewhere with the door open and keys in ignition. Someone steals it. They're still a criminal, even though you made their 'job' as easy as possible.

Chuck

-----Original Message-----
From: Mark Andrews [mailto:marka@isc.org]
Sent: Thursday, July 09, 2015 10:06 PM
To: Chuck Church
Cc: 'Jared Mauch'; 'Colin Johnston'; nanog@nanog.org
Subject: Re: Possible Sudden Uptick in ASA DOS?

In message <011d01d0bab1$e7890a00$b69b1e00$@gmail.com>, "Chuck Church" writes:
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Jared Mauch
Sent: Thursday, July 09, 2015 9:08 AM
To: Colin Johnston
Cc: nanog@nanog.org
Subject: Re: Possible Sudden Uptick in ASA DOS?

My guess is a researcher.
I wouldn't classify someone sending known malicious traffic towards someone else's network device attempting to crash it as a 'researcher'. Criminal is a better term.
Chuck

At what point does a well formed but bug triggering packet go from "malicious" to "expected"?

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org