I’m sure they did.  It could also have been any number of other things.  I’m 
just guessing.  It could have been someone trying to scan their enterprise too 
and went a bit rogue.

Not everyone reads NANOG, believe it or not :)

Either way, if you haven’t upgraded for a 9-month-old security advisory, shame 
on you.  I don’t care what your change management process looks like, it’s 
bordering on network malpractice IMHO.

- Jared

> On Jul 9, 2015, at 10:09 AM, Colin Johnston <col...@gt86car.org.uk> wrote:
> 
> you would think a researcher would stop once he realised effect being caused?
> 
> Colin
> 
>> On 9 Jul 2015, at 14:08, Jared Mauch <ja...@puck.nether.net> wrote:
>> 
>> My guess is a researcher. 
>> 
>> We saw the same issue in the past with a Cisco microcode bug and people 
>> doing ping record route. When it went across a LC with a very specific set 
>> of software it would crash. 
>> 
>> If you crashed just upgrade your code, don't hide behind blocking an IP as 
>> people now know what to send/do. It won't be long. 
>> 
>> Jared Mauch
>> 
>>> On Jul 9, 2015, at 7:44 AM, Colin Johnston <col...@gt86car.org.uk> wrote:
>>> 
>>> Hi Jared,
>>> thanks for update
>>> 
>>> do you know provider/source ip of the source of the attack?
>>> 
>>> Colin
>>> 
>>>> On 9 Jul 2015, at 12:27, Jared Mauch <ja...@puck.nether.net> wrote:
>>>> 
>>>> Really just people not patching their software after warnings more than 
>>>> six months ago:
>>>> 
>>>> July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers 
>>>> with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial 
>>>> of Service Vulnerability that was disclosed in this Security Advisory. 
>>>> Traffic causing the disruption was isolated to a specific source IPv4 
>>>> address. Cisco has engaged the provider and owner of that device and 
>>>> determined that the traffic was sent with no malicious intent. Cisco 
>>>> strongly recommends that customers upgrade to a fixed Cisco ASA software 
>>>> release to remediate this issue. 
>>>> 
>>>> Cisco has released free software updates that address these 
>>>> vulnerabilities. Workarounds that mitigate some of these vulnerabilities 
>>>> are available.
>>>> 
>>>> Jared Mauch
>>>> 
>>>>> On Jul 8, 2015, at 1:15 PM, Michel Luczak <fr...@shrd.fr> wrote:
>>>>> 
>>>>> 
>>>>>> On 08 Jul 2015, at 18:58, Mark Mayfield 
>>>>>> <mark.mayfi...@cityofroseville.com> wrote:
>>>>>> 
>>>>>> Come in this morning to find one failover pair of ASAs had the primary 
>>>>>> crash and failover, then a couple hours later, the secondary crash and 
>>>>>> failover, back to the primary.
>>>>> 
>>>>> Not sure it’s related but I’ve read reports on FRNoG of ASAs crashing as 
>>>>> well, seems related to a late leap second related issue.
>>>>> 
>>>>> Regards, Michel
