Working vulnerability? (Cisco exploit)
Christopher L. Morrow
chris at UU.NET
Fri Jul 18 16:15:52 UTC 2003
On Fri, 18 Jul 2003 jlewis at lewis.org wrote:
>
> On Fri, 18 Jul 2003, Ben Buxton wrote:
>
> > It's released and it works - I have verified it in a lab here.
>
> And others are trying it in the field now. I setup the recommended
> transit ACLs yesterday. Starting at 9:25am EDT this morning, those ACLs
> started getting hits. What doesn't make sense to me is according to the
> advisory, the packets have to be destined for the router to crash it (not
> just passed through it), but people are attacking seemingly random IPs,
> including ones in a new ARIN block that have not yet been assigned/used
> for anything. What do they think they're attacking?
>
Is there wide spread use of the protocol 55? (IP Mobility) There seems to
be alot of that around, more than I'd have expected :)
More information about the NANOG
mailing list