Possible Sudden Uptick in ASA DOS?
Chuck Church
chuckchurch at gmail.com
Fri Jul 10 15:46:41 UTC 2015
I would say it depends on the complexity and probability of it happening
accidentally. An incorrect letter (language change perhaps) in a URL that
crashes a web server might not be malicious. A crafted ESP or ISAKMP packet
that was created in a Linux packet tool and 'randomly' hits your VPN I'd say
is no accident. I agree with Jared, patch your stuff when the PSIRTs come
out. But whether or not you're patched, if you're attacked, that person
still is breaking the law. Think about leaving your car somewhere with the
door open and keys in ignition. Someone steals it. They're still a
criminal, even though you made their 'job' as easy as possible.
Chuck
-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org]
Sent: Thursday, July 09, 2015 10:06 PM
To: Chuck Church
Cc: 'Jared Mauch'; 'Colin Johnston'; nanog at nanog.org
Subject: Re: Possible Sudden Uptick in ASA DOS?
In message <[email protected]>, "Chuck Church"
writes:
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Jared Mauch
> Sent: Thursday, July 09, 2015 9:08 AM
> To: Colin Johnston
> Cc: nanog at nanog.org
> Subject: Re: Possible Sudden Uptick in ASA DOS?
>
> >My guess is a researcher.
>
>
> I wouldn't classify someone sending known malicious traffic towards
> someone else's network device attempting to crash it as a 'researcher'.
> Criminal is a better term.
>
> Chuck
At what point does a well formed but bug triggering packet go from
"malicious" to "expected"?
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list