[181986] in North American Network Operators' Group
Re: Possible Sudden Uptick in ASA DOS?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu Jul 9 07:28:39 2015
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <6F73BBE8-9EE1-425E-8DD2-3BFE5B0D59D4@shrd.fr>
Date: Thu, 9 Jul 2015 07:27:16 -0400
To: Michel Luczak <frnog@shrd.fr>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Really just people not patching their software after warnings more than six m=
onths ago:
July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers w=
ith Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of=
Service Vulnerability that was disclosed in this Security Advisory. Traffic=
causing the disruption was isolated to a specific source IPv4 address. Cisc=
o has engaged the provider and owner of that device and determined that the t=
raffic was sent with no malicious intent. Cisco strongly recommends that cus=
tomers upgrade to a fixed Cisco ASA software release to remediate this issue=
.=20
Cisco has released free software updates that address these vulnerabilities.=
Workarounds that mitigate some of these vulnerabilities are available.
Jared Mauch
> On Jul 8, 2015, at 1:15 PM, Michel Luczak <frnog@shrd.fr> wrote:
>=20
>=20
>> On 08 Jul 2015, at 18:58, Mark Mayfield <Mark.Mayfield@cityofroseville.co=
m> wrote:
>>=20
>> Come in this morning to find one failover pair of ASA's had the primary c=
rash and failover, then a couple hours later, the secondary crash and failov=
er, back to the primary.
>=20
> Not sure it=E2=80=99s related but I=E2=80=99ve read reports on FRNoG of AS=
As crashing as well, seems related to a late leap second related issue.
>=20
> Regards, Michel
