North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Working vulnerability? (Cisco exploit)

  • From: Christopher L. Morrow
  • Date: Fri Jul 18 12:19:20 2003

On Fri, 18 Jul 2003 [email protected] wrote:

> On Fri, 18 Jul 2003, Ben Buxton wrote:
> > It's released and it works - I have verified it in a lab here.
> And others are trying it in the field now.  I setup the recommended
> transit ACLs yesterday.  Starting at 9:25am EDT this morning, those ACLs
> started getting hits.  What doesn't make sense to me is according to the
> advisory, the packets have to be destined for the router to crash it (not
> just passed through it), but people are attacking seemingly random IPs,
> including ones in a new ARIN block that have not yet been assigned/used
> for anything.  What do they think they're attacking?

Is there wide spread use of the protocol 55? (IP Mobility) There seems to
be alot of that around, more than I'd have expected :)