RE: Working vulnerability? (Cisco exploit)
It's released and it works - I have verified it in a lab here. BB
-----Original Message----- From: Ken Yeo [mailto:kenyeo@on-linecorp.com] Sent: Friday, July 18, 2003 3:24 PM To: nanog@merit.edu Subject: Working vulnerability? (Cisco exploit)
Is this true:
http://www.eweek.com/article2/0,3959,1196496,00.asp
**there is a working exploit for this vulnerability but that it has not been released yet.**
On Fri, 18 Jul 2003, Ben Buxton wrote:
It's released and it works - I have verified it in a lab here.
And others are trying it in the field now. I setup the recommended transit ACLs yesterday. Starting at 9:25am EDT this morning, those ACLs started getting hits. What doesn't make sense to me is according to the advisory, the packets have to be destined for the router to crash it (not just passed through it), but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking? ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Friday 18 July 2003 09:57, jlewis@lewis.org wrote:
just passed through it), but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking?
Civilization. -- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
just passed through it), but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking?
Civilization.
-- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
You call this civilisation? ;-) - Matt Matthew Watkins Network Engineer Infinity Developments (IDNET) Telephone: +44 (0)1462 476 555 Fax: +44 (0)1462 476 566 E-mail: matt@idnet.net.uk
... but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking?
Civilization.
You call this civilisation?
Since I'm just now rereading e. e. "doc" smith's "Lensman" series, I took the answer in that context, and I completely agree. Not so much that it's what "we" are, that it's what "they" are fighting against. But I moralize. -- Paul Vixie
On Saturday 19 July 2003 10:48, Paul Vixie wrote:
What do they think they're attacking? Civilization. You call this civilisation?
Since I'm just now rereading e. e. "doc" smith's "Lensman" series, I took the answer in that context, and I completely agree. Not so much that it's what "we" are, that it's what "they" are fighting against.
Yes, that was exactly my point.
But I moralize.
You say that like it's a bad thing. -- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
On Fri, 18 Jul 2003 jlewis@lewis.org wrote:
On Fri, 18 Jul 2003, Ben Buxton wrote:
It's released and it works - I have verified it in a lab here.
And others are trying it in the field now. I setup the recommended transit ACLs yesterday. Starting at 9:25am EDT this morning, those ACLs started getting hits. What doesn't make sense to me is according to the advisory, the packets have to be destined for the router to crash it (not just passed through it), but people are attacking seemingly random IPs, including ones in a new ARIN block that have not yet been assigned/used for anything. What do they think they're attacking?
Is there wide spread use of the protocol 55? (IP Mobility) There seems to be alot of that around, more than I'd have expected :)
participants (6)
-
Ben Buxton -
Christopher L. Morrow -
D'Arcy J.M. Cain -
jlewis@lewis.org -
Matthew Watkins -
Paul Vixie