[59721] in North American Network Operators' Group
RE: Working vulnerability? (Cisco exploit)
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Fri Jul 18 09:57:38 2003
Date: Fri, 18 Jul 2003 09:57:01 -0400 (EDT)
From: jlewis@lewis.org
To: Ben Buxton <B.Buxton@Planettechnologies.nl>
Cc: Ken Yeo <kenyeo@on-linecorp.com>, <nanog@merit.edu>
In-Reply-To: <7B5898BD5B4D8841B2AFC746EDD683B401571CC9@amfmx01.core.local>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 18 Jul 2003, Ben Buxton wrote:
> It's released and it works - I have verified it in a lab here.
And others are trying it in the field now. I setup the recommended
transit ACLs yesterday. Starting at 9:25am EDT this morning, those ACLs
started getting hits. What doesn't make sense to me is according to the
advisory, the packets have to be destined for the router to crash it (not
just passed through it), but people are attacking seemingly random IPs,
including ones in a new ARIN block that have not yet been assigned/used
for anything. What do they think they're attacking?
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
