This was posted a while ago.
http://lists.netsys.com/pipermail/full-disclosure/2003-July/011421.html
http://lists.netsys.com/pipermail/full-disclosure/2003-July/011420.html
I haven't had the chance to test it in a controlled environment yet.
> You write that calling the TAC didn't help. Did you ask them "Does
> 12.2(15)T5 contain the fix for this bug?" and were they unable to
answer
> that? That sounds... improbable.
That is exactly what I did. I asked if it was the correct version of
code to use, and the response was ... "There i
That's what the CW tech told me when he called.
I suggested a MED change and he said they are a customers of CW and they can't make
any changes.
Greaaat. TA has re-reouted and times are down to about +20ms (100ms end to end).
-=Vandy=-
-Original Message-
From: Leete, Tony [mail
On Thursday 17 July 2003 18:24, Jim Duncan wrote:
> http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
>
[cut]
so judging by this update, packets with protocols 53, 55, 77, and 103
should be blocked?
i am revising my acls now anyway, but wanted to confirm...
/joshua
--
Just an FYI,
A peering between CW and Qwest (actually Touch America - tamerica.net) is experiencing
some significant latency ~+250ms.
They are apparently working to re-route.
Unfortunately I don't know the peer point, but our issue is between Minnesota and San
Jose.
-=Vandy=-
Steve Rude writes:
> Quick question, I'm not sure if this is applicable, but I am having some
> confusion of what versions of code to upgrade to, and a call to the TAC
> didn't help. All apologies if this is off topic at all.
>
> We are currently running 12.2(8)T5 on several of our 2600 series ro
Scott Call writes:
> I started collecting the new IOS files for tonight's reboot of the
> Internet, and I had a quick question.
>
> The datestamps on a lot of the maintainence releases are months old, and
> I just want to make sure I'm getting the right stuff, as they say, so we
> don't have t
On Thu, Jul 17, 2003 at 03:20:18PM -0700, Steve Rude wrote:
>
>
> Quick question, I'm not sure if this is applicable, but I am having some
> confusion of what versions of code to upgrade to, and a call to the TAC
> didn't help. All apologies if this is off topic at all.
>
> We are currently run
* [EMAIL PROTECTED] (Steve Rude) [Fri 18 Jul 2003, 01:08 CEST]:
> Quick question, I'm not sure if this is applicable, but I am having some
> confusion of what versions of code to upgrade to, and a call to the TAC
> didn't help. All apologies if this is off topic at all.
>
> We are currently runni
Quick question, I'm not sure if this is applicable, but I am having some
confusion of what versions of code to upgrade to, and a call to the TAC
didn't help. All apologies if this is off topic at all.
We are currently running 12.2(8)T5 on several of our 2600 series routers
and according to the a
Hello,
Folks in Massachusetts connected to Verizon DSL are reporting problems
getting to websites that I host that are connected via lightship.net.
When I try to traceroute to the following Verizon router (130.81.9.225)
that is supposed to pass the traffic I get stopped on qwest.net. My
se
available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.
Affected Products
=
This issue affects all Cisco devices running Cisco IOS software and
configured to process Internet Protocol version 4 (IPv4) packets. Cisco
devices which do not run Cisco IOS
Alex Rubenstein writes:
> http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
FYI, be sure to hit shift-reload in your browser so you're not
accidentally reading a cached local copy of the older version.
You should see version 1.3 as of a few minutes ago.
Jim
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Foundstone Security Briefings:
Cisco IPv4 Remote Denial of Service Vulnerability
Date: Today, Thursday, July 17, 2003
Time: 5:30 PM Eastern, 2:30 PM Pacific
Date: Tomorrow, Friday, July 18, 2003
Time: 11:00 AM Eastern, 8:00 AM Pacific
You're invited to a Special Web Seminar today covering this cr
Hello,
If anyone who knows of anyone inside NTL security would be willing
to share that info, I would greatly appreciate it. I have not been able to
track anyone down there in over 3 weeks.
Thanks,
Alex
11.x IOS source was floating around a few years ago. I wouldn't be
surprised if more recent versions were being distributed within the
underground community.
/m
- Original Message -
From: "Joe Abley" <[EMAIL PROTECTED]>
To: "Andy Dills" <[EMAIL PROTECTED]>
Cc: "Jack Bates" <[EMAIL PROTE
On Wed, 16 Jul 2003, Eric Gauthier wrote:
> > Ok, fine, don't tell the rest of use what it is, how to detect it, or how
> > to defend against it. We in the university space will just do nothing
> > because we have nothing to put into our IDS sensors to watch for/block it
> > out. Because, you
On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote:
On Thu, 17 Jul 2003, Jack Bates wrote:
Sendmail root exploit took less than 24 hours to craft. I suspect that
this exploit will be found within 48 hours. Enough information was
provided to quickly guess where the problem lies
On Thu, 17 Jul 2003, Jack Bates wrote:
>
> Sean Donelan wrote:
> > Cisco stated if they receive any reports of the exploit in the wild,
> > they will re-issue the advisory with the updated information.
> >
>
> Sendmail root exploit took less than 24 hours to craft. I suspect that
> this exploit w
I had the same problem, with no resolution from any of my contacts yet
either (perhaps they're busy?)... In my case, 12.2(14)S is a recommended
option for 7200s (but built a while back), but that leaves me wondering
about 12.2(14)S2 and 12.2(14)S3 (the last of which was at least built
recently).
Scott Call wrote:
For example, 12.0S users are recommended to go to 12.0(25)S, which at
least for the GSR is dated April 14, 2003.
Do I have the right build of 12.0(25)S or will there be one with a date
closer to the revelation of the exploit showing up on the cisco FTP site?
I think that's a
I started collecting the new IOS files for tonight's reboot of the
Internet, and I had a quick question.
The datestamps on a lot of the maintainence releases are months old, and
I just want to make sure I'm getting the right stuff, as they say, so we
don't have to do this dance again tomorrow.
Sean Donelan wrote:
Cisco stated if they receive any reports of the exploit in the wild,
they will re-issue the advisory with the updated information.
Sendmail root exploit took less than 24 hours to craft. I suspect that
this exploit will be found within 48 hours. Enough information was
provided
[EMAIL PROTECTED] wrote:
In other words - yeah, it's probably important to get this update deployed. But
unless somebody has hard evidence to the contrary, I'm betting on it just being
an attempt to not let things leak out till they're ready to ship across the
board. That's a LOT of trains and rebu
Writer
<http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=5&u=/ap/20030717/ap_on_hi_te/cisco_vulnerability>
July 17, 2003DoS Flaw in Cisco Router, Switches By Ryan Naraine
http://www.atnewyork.com/news/article.php/2236591
>This was rumored to be a backhoe fade but the advisory refers only to
>IP services and there was nothing in the popular press about any major
>phone outage, so I have my suspicions. Usually if there's a fiber cut
>they say so. About this time is when all of the major backbones began
>flooding
>
> It should be:
>
> http://www.cisco.com/tacpage/sw-center/sw-ios.shtml
>
> The Advisory is being updated. It might even be out there.
>
Do you know if they are going to update the advisory with more detail?
At least I´m able to generate packets which get stuck in the input
queue on the vulnera
On Thu, 17 Jul 2003, Mikael Abrahamsson wrote:
> IS anyone seeing this exploited in the wild? It'd be good to know if we
> need to do panic upgrade or can schedule it for our next maintenance
> window (which is during the weekend).
Well, there's this from Wednesday afternoon...
- > Dear AT&T I
The next-after-next NANOG meeting (NANOG 30, our 10th anniversary) will be
held February 8-10, 2004, in Miami, Florida. Our host will be Terremark,
who also hosted our winter 2002 meeting. More details later - in the
meantime, see you this October in Chicago for our joint meeting with ARIN.
On Thu, 17 Jul 2003 03:17:32 EDT, Brian Wallingford said:
> :at http://www.cisco.com/tacpage/sw-center/sw-ios.html
>
> I'm getting a 404 "not found" for that URL, while logged into CCO.
Hmm.. you mean Magic Rebuild Dust doesn't work on webpages? ;)
But yeah, it's *that* sort of thing that you w
It should be:
http://www.cisco.com/tacpage/sw-center/sw-ios.shtml
The Advisory is being updated. It might even be out there.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Brian Wallingford
> Sent: Thursday, July 17, 2003 12:18 AM
> To: [EMAIL
On Thu, 17 Jul 2003 [EMAIL PROTECTED] wrote:
:should be obtained through the Software Center on the Cisco worldwide website
:at http://www.cisco.com/tacpage/sw-center/sw-ios.html
I'm getting a 404 "not found" for that URL, while logged into CCO.
too many people knew.
> http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
which says...
"Customers with contracts should obtain upgraded software free of charge through
their regular update channels. For most customers, this means that upgrades
should be obtained throug
35 matches
Mail list logo