[nsp-sec] Looking for a PoC at AS10439 - CariNet, Inc.

[Nick Hilliard]

Dario, what's the TLP level on this?

Nick

On 08/07/2015 17:43, Dario Ciccarone wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> Folks:
> 
>     Hi there. Dario Ciccarone from the Cisco PSIRT here.
> 
>     Starting today, 07/08/2015 on or about 02:00 AM EDT, our Cisco TAC
> has been receiving a constant flux of cases, about Cisco ASA firewalls
> crashing and rebooting. As of 12:30 PM EDT, we have about 80 cases -
> most of them opened within eight hours, and minutes apart - affecting
> hundreds of devices across different customers.
> 
>     The culprit, based on analysis of the memory dumps on crashed ASAs,
> seems to be UDP traffic that triggers the vulnerability documented
> through Cisco bug ID CSCul36176 - which was disclosed through a Cisco
> Security Advisory on October/2014 -
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
> 
>     Based on analysis of the crash information, the traffic seems to be
> coming from address 71.6.142.125 - allocated to CariNet, Inc.
> 
>    
> http://whois.arin.net/rest/nets;q=71.6.142.125?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
> 
>     We completely understand this could be spoofed - however, we would
> like to reach out to CariNet, see if they have any knowledge of this
> activity.
> 
>     Thanks in advance,
>     Dario
> 
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
> 


-- 
Network Ability Ltd. | Chief Technical Officer | Tel: +353 1 6169698
52 Lower Sandwith St | INEX - Internet Neutral |
Dublin 2, Ireland    | Exchange Association    | Email: nick at inex.ie