From: "Vincent J. Bono" <vbono@vinny.org> Date: Wed, 16 Jul 2003 15:17:54 -0400
Hello All,
There seem to be rumors going around that there is a new major Cisco vulnerability but only the major backbones are being given fixes right now.
Not 100% true... Anyone with a Catalyst 4000/5000/6000 can get it - free. See this URL for details. http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml
Something about packets malformed in a certain manner cause the router to wedge.
True. Regards, Gregory Hicks
Can anyne shed any light on or off list?
-vb
--------------------------------------------------------------------- Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479 San Jose, CA 95134 | Internet: ghicks@cadence.com Never attribute to malice that which is adequately explained by ignorance or stupidity. Asking the wrong questions is the leading cause of wrong answers "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
--On Wednesday, July 16, 2003 12:50 PM -0700 Gregory Hicks <ghicks@cadence.com> wrote:
From: "Vincent J. Bono" <vbono@vinny.org> Date: Wed, 16 Jul 2003 15:17:54 -0400
Hello All,
There seem to be rumors going around that there is a new major Cisco vulnerability but only the major backbones are being given fixes right now.
Not 100% true... Anyone with a Catalyst 4000/5000/6000 can get it - free. See this URL for details.
http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml
Different vulnerability from what I hear.
On Wed, 16 Jul 2003, John Payne wrote:
--On Wednesday, July 16, 2003 12:50 PM -0700 Gregory Hicks <ghicks@cadence.com> wrote:
From: "Vincent J. Bono" <vbono@vinny.org> Date: Wed, 16 Jul 2003 15:17:54 -0400
Hello All,
There seem to be rumors going around that there is a new major Cisco vulnerability but only the major backbones are being given fixes right now.
Not 100% true... Anyone with a Catalyst 4000/5000/6000 can get it - free. See this URL for details.
http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml
Different vulnerability from what I hear.
I'm hearing similar rumors, and Genuity has a "planned emergency maintenance" tomorrow morning, and there's some major weirdness with our AT&T feed over the past half hour. The rumored vulnerability is IOS, not CatOS and supposedly causes a reload, not a telnet DoS. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
I'm hearing similar rumors, and Genuity has a "planned emergency maintenance" tomorrow morning, and there's some major weirdness with our AT&T feed over the past half hour.
This might explain the (very!) high number of maintenance alerts from QWest this week, as well.... --- david raistrick drais@atlasta.net http://www.expita.com/nomime.html
I'm hearing similar rumors, and Genuity has a "planned emergency maintenance" tomorrow morning, and there's some major weirdness with our AT&T feed over the past half hour.
This might explain the (very!) high number of maintenance alerts from QWest this week, as well....
Sprint, L3 and Cogent also announced a series of emergency maintenances. Pete
This might explain the (very!) high number of maintenance alerts from QWest this week, as well....
Sprint, L3 and Cogent also announced a series of emergency maintenances.
Ok, fine, don't tell the rest of use what it is, how to detect it, or how to defend against it. We in the university space will just do nothing because we have nothing to put into our IDS sensors to watch for/block it out. Because, you know, we're going to be the sources :) Eri c:)
On Wed, 16 Jul 2003, Eric Gauthier wrote:
Ok, fine, don't tell the rest of use what it is, how to detect it, or how to defend against it. We in the university space will just do nothing because we have nothing to put into our IDS sensors to watch for/block it out. Because, you know, we're going to be the sources :)
And then we'll hear all of the usual flak about how universities are unprepared to handle security problems... I would just like to hear if there is a publicly available fix yet. If the backbone carriers have already scheduled their work, then they likely have a fix in hand. If the fix isn't available, then a rough schedule would be good so we can plan. I'd like to understand the vulnerability, but I'd certainly be okay with cisco saying "psst. put this version of IOS on your boxes. don't ask us why just yet. we'll explain more later." Or, maybe they WANT *our* routers to kick over so that we can't source the attack... michael
participants (7)
-
David Raistrick -
Eric Gauthier -
Gregory Hicks -
Jay Hennigan -
John Payne -
Michael Sinatra -
Petri Helenius