Working vulnerability? (Cisco exploit)
Ben Buxton
B.Buxton at Planettechnologies.nl
Fri Jul 18 14:15:18 UTC 2003
Yep its all a bit weird, I guess people are not too knowledgeable about
it. For starters the original explit wont work very well out of the box
for most script kiddies (random source addresses -> killed by
anti-spoofing),
and a single packet to a vulnerable box isnt enough (need to fill the
queue slots).
More of an annoyance really - most of the outages as a result are going
to
be from people upgrading boxes, not victims of attack.
BB
> -----Original Message-----
> From: jlewis at lewis.org [mailto:jlewis at lewis.org]
>
> On Fri, 18 Jul 2003, Ben Buxton wrote:
>
> > It's released and it works - I have verified it in a lab here.
>
> And others are trying it in the field now. I setup the recommended
> transit ACLs yesterday. Starting at 9:25am EDT this morning,
> those ACLs
> started getting hits. What doesn't make sense to me is
> according to the
> advisory, the packets have to be destined for the router to
> crash it (not
> just passed through it), but people are attacking seemingly
> random IPs,
> including ones in a new ARIN block that have not yet been
> assigned/used
> for anything. What do they think they're attacking?
>
> ----------------------------------------------------------------------
> Jon Lewis *jlewis at lewis.org*| I route
> System Administrator | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
>
More information about the NANOG
mailing list