My guess is a researcher. We saw the same issue in the past with a Cisco microcode bug and people doing ping record route. When it went across a LC with a very specific set of software it would crash.
If you crashed just upgrade your code, don't hide behind blocking an IP as people now know what to send/do. It won't be long. Jared Mauch > On Jul 9, 2015, at 7:44 AM, Colin Johnston <col...@gt86car.org.uk> wrote: > > Hi Jared, > thanks for update > > do you know provider/source ip of the source of the attack ? > > Colin > >> On 9 Jul 2015, at 12:27, Jared Mauch <ja...@puck.nether.net> wrote: >> >> Really just people not patching their software after warnings more than six >> months ago: >> >> July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers >> with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial >> of Service Vulnerability that was disclosed in this Security Advisory. >> Traffic causing the disruption was isolated to a specific source IPv4 >> address. Cisco has engaged the provider and owner of that device and >> determined that the traffic was sent with no malicious intent. Cisco >> strongly recommends that customers upgrade to a fixed Cisco ASA software >> release to remediate this issue. >> >> Cisco has released free software updates that address these vulnerabilities. >> Workarounds that mitigate some of these vulnerabilities are available. >> >> Jared Mauch >> >>> On Jul 8, 2015, at 1:15 PM, Michel Luczak <fr...@shrd.fr> wrote: >>> >>> >>>> On 08 Jul 2015, at 18:58, Mark Mayfield >>>> <mark.mayfi...@cityofroseville.com> wrote: >>>> >>>> Come in this morning to find one failover pair of ASA's had the primary >>>> crash and failover, then a couple hours later, the secondary crash and >>>> failover, back to the primary. >>> >>> Not sure it’s related but I’ve read reports on FRNoG of ASAs crashing as >>> well, seems related to a late leap second related issue. >>> >>> Regards, Michel
