[181988] in North American Network Operators' Group
Re: Possible Sudden Uptick in ASA DOS?
daemon@ATHENA.MIT.EDU (Colin Johnston)
Thu Jul 9 07:44:54 2015
X-Original-To: nanog@nanog.org
From: Colin Johnston <colinj@gt86car.org.uk>
In-Reply-To: <5BD9B971-CA92-43A0-B43E-D0BFB3FEC0D0@puck.nether.net>
Date: Thu, 9 Jul 2015 12:44:49 +0100
To: Jared Mauch <jared@puck.nether.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hi Jared,
Thanks for the update.
Do you know the provider/source IP of the source of the attack?
Colin
> On 9 Jul 2015, at 12:27, Jared Mauch <jared@puck.nether.net> wrote:
>
> Really just people not patching their software after warnings more than six months ago:
>
> July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4 address. Cisco has engaged the provider and owner of that device and determined that the traffic was sent with no malicious intent. Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue.
>
> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
>
> Jared Mauch
>
>> On Jul 8, 2015, at 1:15 PM, Michel Luczak <frnog@shrd.fr> wrote:
>>
>>
>>> On 08 Jul 2015, at 18:58, Mark Mayfield <Mark.Mayfield@cityofroseville.com> wrote:
>>>
>>> Come in this morning to find one failover pair of ASA's had the primary crash and failover, then a couple hours later, the secondary crash and failover, back to the primary.
>>
>> Not sure it’s related but I’ve read reports on FRNoG of ASAs crashing as well, seems related to a late leap second related issue.
>>
>> Regards, Michel