subject:"\[swinog\] Brocade MLXe\: Random Linecard Reboot \- anyone else\?"

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-19 Diskussionsfäden Silvan M. Gebhardt

I agree this is so vague, it's more fud than anything. But I still want to see 
what actually causes these issues, across ISPs...
I hope I can catch some traffic until a reboot




- Ursprüngliche Mail -
Von: "Scott Weeks" <sur...@mauigateway.com>
An: swi...@swinog.ch
Gesendet: Sonntag, 18. September 2016 22:47:13
Betreff: Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

--- rai...@ultra-secure.de wrote:
From: Rainer Duffner <rai...@ultra-secure.de>
> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler <kuenz...@init7.net>:


> Friday night we observed several Brocade MLXe linecards rebooting 
> (several locations, i.e. Amsterdam, Frankfurt, Geneva), which 
> caused network instability due to flapping iBGP etc.



: Coincidence?
:
: https://twitter.com/schneierblog/status/775783898366160896
---



"Take Down the Internet"
"it feels like a large nation state...China or Russia"
"I am unable to give details"
"It feels like a nation's military cybercommand"

etc.

Seems like FUD to get viewers.  'The sky's going to fall and I can't 
tell you why or when, but I know it is.  Trust me.'  Where's the 
technical details so we  can make an informed decision, rather than 
"it feels like..."

scott































___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Scott Weeks



--- rai...@ultra-secure.de wrote:
From: Rainer Duffner 
> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler :


> Friday night we observed several Brocade MLXe linecards rebooting 
> (several locations, i.e. Amsterdam, Frankfurt, Geneva), which 
> caused network instability due to flapping iBGP etc.



: Coincidence?
:
: https://twitter.com/schneierblog/status/775783898366160896
---



"Take Down the Internet"
"it feels like a large nation state...China or Russia"
"I am unable to give details"
"It feels like a nation's military cybercommand"

etc.

Seems like FUD to get viewers.  'The sky's going to fall and I can't 
tell you why or when, but I know it is.  Trust me.'  Where's the 
technical details so we  can make an informed decision, rather than 
"it feels like..."

scott































___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Silvan M. Gebhardt

I have been suspecting this as well, I plan to actually get this firmware, get 
a spare MLX from someone and put it online, pcap the hell out of it and see 
what happens until it reboots. 

Either this is a very strange bug or something bigger. 


- Ursprüngliche Mail -
Von: "Rainer Duffner" 
[...]
> 
> Since these routers operate in various locations and ASNs but are the same 
> make/model I suppose it's a software security issue. Can malicious packets 
> force a linecard reboot?
> 



Coincidence?

https://twitter.com/schneierblog/status/775783898366160896


;-)





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Rainer Duffner


> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler :
> 
> Friday night we observed several Brocade MLXe linecards rebooting (several 
> locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network 
> instability due to flapping iBGP etc.
> 
> As of now we know that iWay and nine.ch suffered from similar issues in the 
> same time window, and we believe that they use also Brocade MLXe.
> 
> Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch 
> reports it too.
> 
> For reference the tickets:
> http://www.init7.net/de/status/?ticket=10348
> https://status.nine.ch/en/messages/544
> https://www.iway.ch/iway/status/
> 
> Did anyone else observed similar symptoms?
> 
> Since these routers operate in various locations and ASNs but are the same 
> make/model I suppose it's a software security issue. Can malicious packets 
> force a linecard reboot?
> 



Coincidence?

https://twitter.com/schneierblog/status/775783898366160896


;-)





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Julian Rutz

Hello Fredy,

We were suffering the same issues during the same timeframes. From what
I heard from TAC your guess that malicious packets are forcing the
linecards to reload seems to be correct, not confirmed tough. I am eager
to get further details.

Still waiting for information regarding the patch...

Cheers, Julian

-- 
Julian Rutz
Teamleader Network

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone:   +41 44 872 20 00
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Christoph Kaelin

Please contact Brocade TAC which is able to provide a patch
It is NOT been seen with customers using releases below 5.9.00

Regards,
Chris


-Original Message-
From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On 
Behalf Of Fredy Kuenzler
Sent: Sunday, September 18, 2016 08:11
To: swi...@swinog.ch
Subject: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Friday night we observed several Brocade MLXe linecards rebooting (several 
locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability 
due to flapping iBGP etc.

As of now we know that iWay and nine.ch suffered from similar issues in the 
same time window, and we believe that they use also Brocade MLXe.

Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch 
reports it too.

For reference the tickets:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.init7.net_de_status_-3Fticket-3D10348=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=a-MVgVpvzQIDWR4rMJf-vTy63YzX0ZjgBC54t1pS47A=
 
https://urldefense.proofpoint.com/v2/url?u=https-3A__status.nine.ch_en_messages_544=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=8e4eokM6K4ntWYzPQq08TBxSzBlxhi3P9-Wbw-GCYjc=
 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.iway.ch_iway_status_=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=ms0CdUVHHFLmHHslpnq05pVIprd0F-eGglBuof0hqWw=
 

Did anyone else observed similar symptoms?

Since these routers operate in various locations and ASNs but are the same 
make/model I suppose it's a software security issue. Can malicious packets 
force a linecard reboot?

Regards,

--
Fredy Kuenzler
Init7 (Switzerland) Ltd.
St.-Georgen-Strasse 70
CH-8400 Winterthur
Switzerland

https://urldefense.proofpoint.com/v2/url?u=http-3A__www.init7.net_=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=qE_KmMaIhgAWw5qLyjv2FDjFRswLS3X_c9mEgd0lWU8=
 




___
swinog mailing list
swinog@lists.swinog.ch
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.swinog.ch_cgi-2Dbin_mailman_listinfo_swinog=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=SsVJUo-h-55E6Gpdvv8V8Uxaj2-Q3Qgjc_xEjVdXZ64=
 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

2016-09-18 Diskussionsfäden Fredy Kuenzler

Friday night we observed several Brocade MLXe linecards rebooting (several 
locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability 
due to flapping iBGP etc.

As of now we know that iWay and nine.ch suffered from similar issues in the 
same time window, and we believe that they use also Brocade MLXe.

Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch 
reports it too.

For reference the tickets:
http://www.init7.net/de/status/?ticket=10348
https://status.nine.ch/en/messages/544
https://www.iway.ch/iway/status/

Did anyone else observed similar symptoms?

Since these routers operate in various locations and ASNs but are the same 
make/model I suppose it's a software security issue. Can malicious packets 
force a linecard reboot?

Regards,

--
Fredy Kuenzler
Init7 (Switzerland) Ltd.
St.-Georgen-Strasse 70
CH-8400 Winterthur
Switzerland

http://www.init7.net/




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

[swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

7 matches

Site Navigation

Mail list logo

Footer information