North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Working vulnerability? (Cisco exploit)
Yep its all a bit weird, I guess people are not too knowledgeable about it. For starters the original explit wont work very well out of the box for most script kiddies (random source addresses -> killed by anti-spoofing), and a single packet to a vulnerable box isnt enough (need to fill the queue slots). More of an annoyance really - most of the outages as a result are going to be from people upgrading boxes, not victims of attack. BB > -----Original Message----- > From: [email protected] [mailto:[email protected]] > > On Fri, 18 Jul 2003, Ben Buxton wrote: > > > It's released and it works - I have verified it in a lab here. > > And others are trying it in the field now. I setup the recommended > transit ACLs yesterday. Starting at 9:25am EDT this morning, > those ACLs > started getting hits. What doesn't make sense to me is > according to the > advisory, the packets have to be destined for the router to > crash it (not > just passed through it), but people are attacking seemingly > random IPs, > including ones in a new ARIN block that have not yet been > assigned/used > for anything. What do they think they're attacking? > > ---------------------------------------------------------------------- > Jon Lewis *[email protected]*| I route > System Administrator | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > >
|