I would say it depends on the complexity and probability of it happening
accidentally.  An incorrect letter (language change perhaps) in a URL that
crashes a web server might not be malicious.  A crafted ESP or ISAKMP packet
that was created in a Linux packet tool and 'randomly' hits your VPN I'd say
is no accident.  I agree with Jared, patch your stuff when the PSIRTs come
out.  But whether or not you're patched, if you're attacked, that person
still is breaking the law.  Think about leaving your car somewhere with the
door open and keys in ignition.  Someone steals it.  They're still a
criminal, even though you made their 'job' as easy as possible.

Chuck

-----Original Message-----
From: Mark Andrews [mailto:[email protected]] 
Sent: Thursday, July 09, 2015 10:06 PM
To: Chuck Church
Cc: 'Jared Mauch'; 'Colin Johnston'; [email protected]
Subject: Re: Possible Sudden Uptick in ASA DOS?


In message <[email protected]>, "Chuck Church"
writes:
> -----Original Message-----
> From: NANOG [mailto:[email protected]] On Behalf Of Jared Mauch
> Sent: Thursday, July 09, 2015 9:08 AM
> To: Colin Johnston
> Cc: [email protected]
> Subject: Re: Possible Sudden Uptick in ASA DOS?
>
> >My guess is a researcher.
>
>
> I wouldn't classify someone sending known malicious traffic towards 
> someone else's network device attempting to crash it as a 'researcher'.
> Criminal is a better term.
>
> Chuck

At what point does a well-formed but bug-triggering packet go from
"malicious" to "expected"?

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
