Re: Postini's network.
On Wed, Jul 16, 2003 at 01:10:17PM -0700, [EMAIL PROTECTED] said: There appears to have been some difficulty inside ATT's network the last few minutes. It appears to have been resolved. I don't have a master-ticket number or such yet. yeah, we had a tunnel into ATT that disappeared a few minutes ago, and then reappeared after about 7 minutes or so. *shrug* -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui pgp0.pgp Description: PGP signature
Re: New Cisco Vulnerability
On Wed, 16 Jul 2003, John Payne wrote: --On Wednesday, July 16, 2003 12:50 PM -0700 Gregory Hicks [EMAIL PROTECTED] wrote: From: Vincent J. Bono [EMAIL PROTECTED] Date: Wed, 16 Jul 2003 15:17:54 -0400 Hello All, There seem to be rumors going around that there is a new major Cisco vulnerability but only the major backbones are being given fixes right now. Not 100% true... Anyone with a Catalyst 4000/5000/6000 can get it - free. See this URL for details. http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml Different vulnerability from what I hear. I'm hearing similar rumors, and Genuity has a planned emergency maintenance tomorrow morning, and there's some major weirdness with our ATT feed over the past half hour. The rumored vulnerability is IOS, not CatOS and supposedly causes a reload, not a telnet DoS. -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
RE: Postini's network.
There is currently an AT T OC192 down from St Louis to San Francisco (Big Pipe: OC-192=9.952 Gbps) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Drew WeaverSent: Wednesday, July 16, 2003 4:29 PMTo: '[EMAIL PROTECTED]'Subject: Postini's network. Is anyone else having trouble reaching postini? Tracing route to coax.net.coax.mail1.psmtp.com [12.158.34.245] over a maximum of 30 hops: 1 1 ms 1 ms 1 ms gateway.cmh.ee.net [209.190.0.1] 2 1 ms 1 ms 1 ms letmeout.thenap.com [206.222.25.1] 3 1 ms 1 ms 1 ms 209.51.192.18 4 2 ms 2 ms 2 ms 66-162-176-5.gen.twtelecom.net [66.162.176.5] 5 1 ms 2 ms 2 ms dist-02-ge-3-2-0-0.clmb.twtelecom.net [66.192.24 1.213] 6 17 ms 18 ms 16 ms core-02-so-1-3-0-0.nycl.twtelecom.net [66.192.24 1.1] 7 17 ms 17 ms 18 ms 66.192.240.38 8 17 ms 17 ms 17 ms 66.192.252.246 9 18 ms 18 ms 18 ms tbr1-p011601.n54ny.ip.att.net [12.123.1.122] 10 57 ms 58 ms 58 ms tbr1-p013801.cgcil.ip.att.net [12.122.10.50] 11 * I was delivering mail to them fine until 2:35pm. Thanks, -Drew
Re: New Cisco Vulnerability
I'm hearing similar rumors, and Genuity has a planned emergency maintenance tomorrow morning, and there's some major weirdness with our ATT feed over the past half hour. This might explain the (very!) high number of maintenance alerts from QWest this week, as well --- david raistrick [EMAIL PROTECTED] http://www.expita.com/nomime.html
Re: Postini's network.
Darren Bolding wrote: There appears to have been some difficulty inside ATT's network the last few minutes. It appears to have been resolved. I don't have a master-ticket number or such yet. Try 201975 --D //jbaltz -- jerry b. altzman[EMAIL PROTECTED]+1 646 230 8750 Thank you for contributing to the heat death of the universe.
RE: Postini's network.
AT T Master Trouble Ticket is 1537072 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerry B. Altzman Sent: Wednesday, July 16, 2003 4:52 PM To: Darren Bolding Cc: 'Drew Weaver'; [EMAIL PROTECTED] Subject: Re: Postini's network. Darren Bolding wrote: There appears to have been some difficulty inside ATT's network the last few minutes. It appears to have been resolved. I don't have a master-ticket number or such yet. Try 201975 --D //jbaltz -- jerry b. altzman[EMAIL PROTECTED]+1 646 230 8750 Thank you for contributing to the heat death of the universe.
Re: New Cisco Vulnerability
I'm hearing similar rumors, and Genuity has a planned emergency maintenance tomorrow morning, and there's some major weirdness with our ATT feed over the past half hour. This might explain the (very!) high number of maintenance alerts from QWest this week, as well Sprint, L3 and Cogent also announced a series of emergency maintenances. Pete
Re: New Cisco Vulnerability
This might explain the (very!) high number of maintenance alerts from QWest this week, as well Sprint, L3 and Cogent also announced a series of emergency maintenances. Ok, fine, don't tell the rest of use what it is, how to detect it, or how to defend against it. We in the university space will just do nothing because we have nothing to put into our IDS sensors to watch for/block it out. Because, you know, we're going to be the sources :) Eri c:)
IOS Vulnerability
For full details about the vulnerability see http://www.cisco.com/en/US/products/hw/routers/ps341/products_security_advisory09186a00801a34c2.shtml Scott C. McGrath
RE: Cisco IOS Vulnerability
Cisco has posted information regarding this issue and work arounds. 12.3 based code does not exhibit this problem. Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml - Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Timmons Sent: Wednesday, July 16, 2003 9:20 PM To: [EMAIL PROTECTED] Subject: Cisco IOS Vulnerability i have no details regarding the ios vulnerability other than what has already been stated on-list, but the IOS matrix obtained this evening and listed at http://www.0ptical.net/cisco.html shows what versions are affected, and what to upgrade to resolve the mystery issue. not sure why psirt is keeping this under wraps, since most NSPs are publicly scheduling emergency upgrades to fix network problems that arent being detailed to customers, and those same customers can and will be affected by the same problem. thx, JT ___ Join Excite! - http://www.excite.com The most personalized portal on the Web!
Re: Cisco IOS Vulnerability
On Wed, Jul 16, 2003 at 10:11:49PM -0500, Darrell Kristof wrote: Cisco has posted information regarding this issue and work arounds. 12.3 based code does not exhibit this problem. Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml I'm not sure how many of you have seen cases of a stuck input or output queue on an interface in the past as well, seems like cisco needs a clear queue command. - Jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
megapath.net dns
Can someone with a clue at megapath.net PLEASE fix your dns. I've been sending mail to noc@ for the last 24 hours but all I get are auto responder messages. Your forward zones don't match your reverse zones for mia.megapath.net and 74.33.69.in-addr.arpa zones. You are causing denial of service for your customers.
Re: Cisco IOS Vulnerability
On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: anyone have the 'scheduled maintenance mp3 lying around? i have a feeling i am going to need it This wouldn't be the My gig port's down, and now it's up again... song would it? :) If not, pass along the right one when you find it, will ya? 1) I didn't make this 2) I cna't remmber where i got it from 3) please don't abuse my connection too much tonight http://puck.nether.net/~jared/gigflapping.mp3 - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Cisco IOS Vulnerability
On Thu, 17 Jul 2003, Jared Mauch wrote: On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: anyone have the 'scheduled maintenance mp3 lying around? i have a feeling i am going to need it This wouldn't be the My gig port's down, and now it's up again... song would it? :) If not, pass along the right one when you find it, will ya? 1) I didn't make this 2) I cna't remmber where i got it from 3) please don't abuse my connection too much tonight http://puck.nether.net/~jared/gigflapping.mp3 don't abuse Jared, abuse me: ftp://mirrors.secsup.org/tmp/gigflapping.mp3 it should be completely there in a few minutes.
Re: Cisco IOS Vulnerability
So that was the one... On Thursday, July 17, 2003, at 1:09 AM, Jared Mauch wrote: On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: anyone have the 'scheduled maintenance mp3 lying around? i have a feeling i am going to need it This wouldn't be the My gig port's down, and now it's up again... song would it? :) If not, pass along the right one when you find it, will ya? 1) I didn't make this 2) I cna't remmber where i got it from 3) please don't abuse my connection too much tonight http://puck.nether.net/~jared/gigflapping.mp3 - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
RE: Cisco IOS Vulnerability
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of | Jared Mauch | Sent: Thursday, July 17, 2003 1:10 AM | To: Jason Lixfeld | Cc: joshua sahala; '[EMAIL PROTECTED]' | Subject: Re: Cisco IOS Vulnerability | | | On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: | | | On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: | | anyone have the 'scheduled maintenance mp3 lying around? i have a | feeling i am going to need it | | This wouldn't be the My gig port's down, and now it's up again... | song would it? :) | | If not, pass along the right one when you find it, will ya? | | 1) I didn't make this | 2) I cna't remmber where i got it from | 3) please don't abuse my connection too much tonight | | http://puck.nether.net/~jared/gigflapping.mp3 That link is returning a 403. Here's a copy on one of my boxes: http://www.ciphin.com/nanog/gigflapping.mp3 Todd -- | | - jared | | -- | Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] | clue++; | http://puck.nether.net/~jared/ My statements are only | mine.
Flapping (was Re: Cisco IOS Vulnerability)
On Thu, 17 Jul 2003, Jason Lixfeld wrote: This wouldn't be the My gig port's down, and now it's up again... song would it? :) Folks may remember when ISPs were responding to the SNMP vulnerability many backbones were rebooting their routers during maintenance windows. At the time, some people monitoring BGP and other things thought the Internet was under attack because a huge portion of the net bounced early in the morning. In reality it was just one backbone during a global router reboot. Don't panic if you see BGP flaps from backbones during the next few weeks.
RE: Cisco IOS Vulnerability
On Wed, 16 Jul 2003, Darrell Kristof wrote: Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml IS anyone seeing this exploited in the wild? It'd be good to know if we need to do panic upgrade or can schedule it for our next maintenance window (which is during the weekend). -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
Re: Cisco IOS Vulnerability
On Thu, Jul 17, 2003 at 07:48:24AM +0200, Mikael Abrahamsson wrote: On Wed, 16 Jul 2003, Darrell Kristof wrote: Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml IS anyone seeing this exploited in the wild? It'd be good to know if we need to do panic upgrade or can schedule it for our next maintenance window (which is during the weekend). I've been keeping my ear close to the ground. A number of people have been attempting to find the packet to better place ACLs in the internet community, but i've also heard of people seeing more series of unusual packets on their network in the past few days as well. Nobody has found it yet that i'm aware of and Cisco found this in internal testing so I expect you will be safe for a period of time sufficent to do weekend upgrades. - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.