you would think a researcher would stop once he realised effect being caused ?
Colin > On 9 Jul 2015, at 14:08, Jared Mauch <ja...@puck.nether.net> wrote: > > My guess is a researcher. > > We saw the same issue in the past with a Cisco microcode bug and people doing > ping record route. When it went across a LC with a very specific set of > software it would crash. > > If you crashed just upgrade your code, don't hide behind blocking an IP as > people now know what to send/do. It won't be long. > > Jared Mauch > >> On Jul 9, 2015, at 7:44 AM, Colin Johnston <col...@gt86car.org.uk> wrote: >> >> Hi Jared, >> thanks for update >> >> do you know provider/source ip of the source of the attack ? >> >> Colin >> >>> On 9 Jul 2015, at 12:27, Jared Mauch <ja...@puck.nether.net> wrote: >>> >>> Really just people not patching their software after warnings more than six >>> months ago: >>> >>> July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers >>> with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial >>> of Service Vulnerability that was disclosed in this Security Advisory. >>> Traffic causing the disruption was isolated to a specific source IPv4 >>> address. Cisco has engaged the provider and owner of that device and >>> determined that the traffic was sent with no malicious intent. Cisco >>> strongly recommends that customers upgrade to a fixed Cisco ASA software >>> release to remediate this issue. >>> >>> Cisco has released free software updates that address these >>> vulnerabilities. Workarounds that mitigate some of these vulnerabilities >>> are available. >>> >>> Jared Mauch >>> >>>> On Jul 8, 2015, at 1:15 PM, Michel Luczak <fr...@shrd.fr> wrote: >>>> >>>> >>>>> On 08 Jul 2015, at 18:58, Mark Mayfield >>>>> <mark.mayfi...@cityofroseville.com> wrote: >>>>> >>>>> Come in this morning to find one failover pair of ASA's had the primary >>>>> crash and failover, then a couple hours later, the secondary crash and >>>>> failover, back to the primary. >>>> >>>> Not sure it’s related but I’ve read reports on FRNoG of ASAs crashing as >>>> well, seems related to a late leap second related issue. >>>> >>>> Regards, Michel
