[181901] in North American Network Operators' Group
Re: Possible Sudden Uptick in ASA DOS?
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Thu Jul 9 03:19:01 2015
X-Original-To: nanog@nanog.org
Date: Wed, 8 Jul 2015 10:11:02 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Mark Mayfield <Mark.Mayfield@cityofroseville.com>
In-Reply-To: <ffc0dc8068ba47c2bdc35184b8301df5@MIEXMBVM1.metro-inet.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--/jkxxxtAhYIHVDuh
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed 2015-Jul-08 16:58:24 +0000, Mark Mayfield <Mark.Mayfield@cityofrosev=
ille.com> wrote:
>Come in this morning to find one failover pair of ASA's had the primary cr=
ash and failover, then a couple hours later, the secondary crash and failov=
er, back to the primary.
>
>Another pair running the same code had the primary crash and fail in the s=
ame time window.
>
>So, three crashes in 4 hours in our environment.
>
>Open a TAC case on one of these for post-mortem analysis, and they interpr=
eted the crash dump to point at a DOS bug first published in Oct.
>
>The very interesting thing; on the phone the TAC engineer said this was "t=
he 10th one of these I've dealt with this morning".
>
>Here's the bug they reference:
>https://tools.cisco.com/bugsearch/bug/CSCul36176/?reffering_site=3Ddumpcr
>
>Anyone else have observations to add on this?
Not sure about ASA-specific DoS and the bug you're pointing at, but we saw
some NTP reflection this morning. Then there's the WSJ, NYSE, and UAL from=
=20
this morning as well. Rough day on the internets?
>
>Mark Mayfield
>City of Roseville - AS 54371
>Network Systems Engineer
>
>2660 Civic Center Drive
>Roseville, MN 55113
>651-792-7098 Office
>
--
Hugo
hugo@slabnet.com: email, xmpp/jabber
PGP fingerprint (B178313E):
CF18 15FA 9FE4 0CD1 2319
1D77 9AB1 0FFD B178 313E
(also on textsecure & redphone)
--/jkxxxtAhYIHVDuh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVnVmmAAoJEJqxD/2xeDE+dY0QAJyIy9E+4Pql5Pwsq2m9rtna
AtKaHmVWHatJy/3RMbFZBQqFqgWDa3+xHtbpuxj0jdjdYq6UtGVmjna0Xw2kllmS
Rk044Jmpc/cE8+0kSxGiySjzgjPpfbEd7QCtHv+rgIK/gKRWEifXr4yF4MjPyOiT
gYQor1hNE8gS9im9JW92fJvUAzZo8PPzLdS6GTVawirqyOthACY+BSZU4GTSQPKT
u2jc9BBd60jrxT69r6w8OhwNNRCp9wBPtorIfoVidGw6RXkkAMm485WR5iDJ+0gE
B25/BCwQZJ/s/BhWJS1DKN1KXktbD4NuVvoVVJKYZRuTGWfSnnApUfIJ/lhd8MU+
VbR/nI2inNAoDYZoDfkM2n1zyJEe4uZ0gW7sYsiBP2puVX/KBub6ybWDAfl/6wPU
LI8MfiaMBVBugb1rCpnllIlRHwjMekpjmUR7B8PJm1uGZWIzfkFj2VAA7i9P0875
V/SkNha1yQ0a3+DGOIXIFbldyCTGGBJtc4v60k/KWQcm6gHUbIZ9dScqOcM6aMwA
X32b8rBQ4wYcrUm0sH2fGR51LcxWM1CEeKiS/hBwWa3dCySMkSqlUgFB3c/0bPQA
yAeCqAM+tPSUKu2j6RI7z4GRJtobac1pV5YKr2ClHh4+0vZgK1TBMVepEXup6b8x
lBgu6y/EBvp40kAbRDGv
=vG1X
-----END PGP SIGNATURE-----
--/jkxxxtAhYIHVDuh--
