nanog mailing list archives
RE: Possible Sudden Uptick in ASA DOS?
From: "Chuck Church" <chuckchurch () gmail com>
Date: Fri, 10 Jul 2015 11:46:41 -0400
I would say it depends on the complexity and probability of it happening accidentally. An incorrect letter (language change perhaps) in a URL that crashes a web server might not be malicious. A crafted ESP or ISAKMP packet that was created in a Linux packet tool and 'randomly' hits your VPN I'd say is no accident. I agree with Jared, patch your stuff when the PSIRTs come out. But whether or not you're patched, if you're attacked, that person still is breaking the law. Think about leaving your car somewhere with the door open and keys in ignition. Someone steals it. They're still a criminal, even though you made their 'job' as easy as possible. Chuck -----Original Message----- From: Mark Andrews [mailto:marka () isc org] Sent: Thursday, July 09, 2015 10:06 PM To: Chuck Church Cc: 'Jared Mauch'; 'Colin Johnston'; nanog () nanog org Subject: Re: Possible Sudden Uptick in ASA DOS? In message <011d01d0bab1$e7890a00$b69b1e00$@gmail.com>, "Chuck Church" writes:
-----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Jared Mauch Sent: Thursday, July 09, 2015 9:08 AM To: Colin Johnston Cc: nanog () nanog org Subject: Re: Possible Sudden Uptick in ASA DOS?My guess is a researcher.I wouldn't classify someone sending known malicious traffic towards someone else's network device attempting to crash it as a 'researcher'. Criminal is a better term. Chuck
At what point does a well formed but bug triggering packet go from "malicious" to "expected"? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: Possible Sudden Uptick in ASA DOS?, (continued)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Colin Johnston (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Colin Johnston (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Christopher Morrow (Jul 09)
- RE: Possible Sudden Uptick in ASA DOS? Chuck Church (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Mark Andrews (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 10)
- RE: Possible Sudden Uptick in ASA DOS? Chuck Church (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Ricky Beam (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Jared Mauch (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Nick Hilliard (Jul 09)
- Re: Possible Sudden Uptick in ASA DOS? Paul Hoogsteder (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Eddie Tardist (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Christoph Blecker (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Eddie Tardist (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Paul Ferguson (Jul 10)
- RE: Possible Sudden Uptick in ASA DOS? Mark Mayfield (Jul 08)