Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
Is a control-plane ACL to limit isakmp traffic (UDP/500) to an affected ASA from desired sources enough to mitigate this attack, until upgrades can be performed?

Regards,
Andrew Ashley

-----Original Message-----
From: NANOG on behalf of Adrian M
Date: Thursday, 11 February 2016 at 15:53
To: "nanog@nanog.org"
Subject: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

>Be careful, It appears that something is broken with ARP on this release.
>We have no ARP on lan interface, and somebody else has a similar problem:
>https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/
>
>On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif wrote:
>
>> Update your ASAs folks, this is a critical one.
>>
>> Forwarded Message
>> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
>> IKEv2 Buffer Overflow Vulnerability
>> Date: Wed, 10 Feb 2016 08:06:51 -0800
>> From: Cisco Systems Product Security Incident Response Team
>> Reply-To: ps...@cisco.com
>> To: cisco-...@puck.nether.net
>> CC: ps...@cisco.com
>>
>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>> Overflow Vulnerability
>>
>> Advisory ID: cisco-sa-20160210-asa-ike
>>
>> Revision 1.0
>>
>> For Public Release 2016 February 10 16:00 GMT (UTC)
>>
>> Summary
>> =======
>>
>> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
>> IKE version 2 (v2) code of Cisco ASA Software could allow an
>> unauthenticated, remote attacker to cause a reload of the affected
>> system or to remotely execute code.
>>
>> The vulnerability is due to a buffer overflow in the affected code area.
>> An attacker could exploit this vulnerability by sending crafted UDP
>> packets to the affected system. An exploit could allow the attacker to
>> execute arbitrary code and obtain full control of the system or to cause
>> a reload of the affected system.
>>
>> Note: Only traffic directed to the affected system can be used to
>> exploit this vulnerability. This vulnerability affects systems
>> configured in routed firewall mode only and in single or multiple
>> context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
>>
>> Cisco has released software updates that address this vulnerability.
>> This advisory is available at the following link:
>>
>> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
>>
>> ___
>> cisco-nsp mailing list cisco-...@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BGPMON Alert Questions
Hi All,

I am a network admin for Aware Corporation AS18356 (Thailand), as mentioned in the alert. We operate a BGPMon PeerMon node on our network, which peers with the BGPMon service as a collector.

It is likely that AS4761 (INDOSAT) has somehow managed to hijack these prefixes and CAT (Communications Authority of Thailand AS4651) is not filtering them, hence they are announced to us and are triggering these BGPMon alerts.

I have had several mails to our NOC about this already and have responded directly to those. I suggest contacting Indosat directly to get this resolved.

AS18356 is a stub AS, so we are not actually advertising these learned hijacked prefixes to anyone but BGPMon for data collection purposes.

Thanks.

Regards,
Andrew Ashley
Office: +27 21 673 6841
E-mail: andre...@aware.co.th
Web: www.aware.co.th

On 2014/04/02, 21:05, Vlade Ristevski vrist...@ramapo.edu wrote:

I just got the same alert for one of my prefixes one minute ago.

On 4/2/2014 2:59 PM, Frank Bulk wrote:

I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't hit the websites for either AS, either.

Frank

-----Original Message-----
From: Joseph Jenkins [mailto:j...@breathe-underwater.com]
Sent: Wednesday, April 02, 2014 1:52 PM
To: nanog@nanog.org
Subject: BGPMON Alert Questions

So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly.

I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations?

Is there a way I can verify what they are announcing just to make sure they are still doing it?

Here is the alert for reference:

Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761

--
Vlad
Re: BGPMON Alert Questions
I got a bounce from Indosat saying:

Dear Senders,

Thank you for your email, started March,1st 2012 email address for correspondence with Indosat IP Support All Support INP will be change and not active with detail information as follows :

1. Correspondence and complain handling for Indosat Corporate customers (INP, IDIA and INIX services) please kindly address to : corporatesolut...@indosat.com (Service Desk MIDI Indosat Corporate Solution)
2. Correspondence and coordination for upstream and peering purpose please kindly address to : snocips...@indosat.com (SNOC IP Surveillance)

Thank you for your kind cooperation and understanding.

Indosat IP Support

Perhaps the "SNOC IP Surveillance" address is better?

For CAT Thailand, the contact details I have are:

NOC call center CAT Telecom
Tel: 66 2 104 2382
FAX: 66 2 104 2281
e-mail: cuss...@cattelecom.com

As someone mentioned, English may be an issue, especially at this time of the morning over there.

Regards,
Andrew Ashley
Office: +27 21 673 6841
E-mail: andre...@aware.co.th
Web: www.aware.co.th

From: Aris Lambrianidis effulge...@gmail.com
Date: Wednesday 02 April 2014 at 22:40
To: Andrew Ashley andre...@aware.co.th
Cc: nanog@nanog.org nanog@nanog.org
Subject: Re: BGPMON Alert Questions

Contacted ip@indosat.com about this, I urge others to do the same.

--Aris

On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley andre...@aware.co.th wrote:

Hi All,

I am a network admin for Aware Corporation AS18356 (Thailand), as mentioned in the alert. We operate a BGPMon PeerMon node on our network, which peers with the BGPMon service as a collector.

It is likely that AS4761 (INDOSAT) has somehow managed to hijack these prefixes and CAT (Communications Authority of Thailand AS4651) is not filtering them, hence they are announced to us and are triggering these BGPMon alerts.

I have had several mails to our NOC about this already and have responded directly to those. I suggest contacting Indosat directly to get this resolved.

AS18356 is a stub AS, so we are not actually advertising these learned hijacked prefixes to anyone but BGPMon for data collection purposes.

Thanks.

Regards,
Andrew Ashley
Office: +27 21 673 6841
E-mail: andre...@aware.co.th
Web: www.aware.co.th

On 2014/04/02, 21:05, Vlade Ristevski vrist...@ramapo.edu wrote:

I just got the same alert for one of my prefixes one minute ago.

On 4/2/2014 2:59 PM, Frank Bulk wrote:

I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't hit the websites for either AS, either.

Frank

-----Original Message-----
From: Joseph Jenkins [mailto:j...@breathe-underwater.com]
Sent: Wednesday, April 02, 2014 1:52 PM
To: nanog@nanog.org
Subject: BGPMON Alert Questions

So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly.

I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations?

Is there a way I can verify what they are announcing just to make sure they are still doing it?

Here is the alert for reference:

Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761

--
Vlad
Cross connect from Telx to Level 3 @ 111 8th Ave
Hi,

Does anyone know if it is possible to get a cross connect from Telx (room 524) to Level 3 (room 304) at 111 8th Ave? Neither Telx nor L3 can do this without serious complication and prohibitive cost. (contact me off list please)

Thanks.

Regards,
Andy Ashley.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: DSL options in NYC for OOB access
On 29/01/2011 00:16, Bill Stewart wrote:

How much bandwidth do you need? Is a dialup modem fast enough?

Hi,

Not much at all. Just enough for a telnet/ssh session. A dialup modem would likely do the trick, but that raises other issues about dialing up from the UK based NOC, so I think DSL will be a little more flexible for us in this case. If we must have a telephone line installed we may as well get DSL service over that. Point taken though about reliability of DSL service vs plain PSTN.

I have had some offers from the right sort of companies. One in particular has everything we need (low speed, static ip, no red tape a clue) at half the price of the others (ask me off list if you want the name).

Also suggested to me was doing a swap with another provider in the facility but it seems as if cross connects may be prohibitively expensive between suites/floors there. I'm going to wait for pricing on this and make a choice then.

Thanks to all who responded.

Regards,
Andy.
Re: DSL options in NYC for OOB access
On 29/01/2011 14:56, Randy McAnally wrote:

Have you looked into the cross connect cost for your DSL line? They typically aren't very cheap either. ~Randy

I'm still waiting for the quote to come back from L3. Figured a copper pair would be cheaper than a fiber, but who knows?

Andy.
DSL options in NYC for OOB access
Hi,

I'm looking for a little advice about DSL circuits in New York, specifically at 111 8th Ave. Going to locate a console server there for out-of-band serial management. The router will need connectivity for remote telnet/ssh access from the NOC.

Looking for a low speed (and low cost) DSL line with a fixed IP. I searched some obvious providers but don't really want to deal with a huge company (Verizon, Qwest, ?) if it can be avoided. Also $80-100+ seems a lot for something that will be used very rarely, but maybe those prices are normal.

Are there smaller/independent companies out there offering this sort of thing? I don't know much about the US DSL market, so any hints are welcome.

Thanks.
Andy.
Re: Other NOGs around the world?
On Aug 22, 2010, at 9:52

What other network operator groups are there around the world (besides NANOG)?

IOZ (South Africa) - http://lists.internet.org.za/mailman/listinfo

Regards,
Andy.
Re: SAS70 Type II compliant colo providers - Chicago, IL
Andy Ashley wrote:

Hi,

I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL. The requirement is fairly small (1/2 - 1 rack). Mail me off list please.

Thanks.

Thanks to everyone who replied with advice and recommendations/referrals, there were too many to respond to individually. I have made a couple of choices and will make further enquiries with those companies.

Regards,
Andy.
SAS70 Type II compliant colo providers - Chicago, IL
Hi,

I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL. The requirement is fairly small (1/2 - 1 rack). Mail me off list please.

Thanks.

Regards,
Andy.