nanog mailing list archives
Re: New Cisco Vulnerability
From: Eric Gauthier <eric () roxanne org>
Date: Thu, 17 Jul 2003 16:10:59 -0400
On Wed, 16 Jul 2003, Eric Gauthier wrote:
Ok, fine, don't tell the rest of use what it is, how to detect it, or how to defend against it. We in the university space will just do nothing because we have nothing to put into our IDS sensors to watch for/block it out. Because, you know, we're going to be the sources :)
not like you guys do anything even when we *do* notify you.
Ok, I see that my humor was lost on several people who flamed me... Come on people, when have we ever looked to University networks for security! We have come a long way though. In terms of dealing with security issues, I think we've definitely moved from the level of a cable-modem end user to around the level of a Tier-2 ISP :) Eric :) PS: In case there is any confusion, from what I've seen, I think Cisco definitely did the right thing. They found a nasty bug in their lab testing. They went back and patched almost every freaking version of code, even ones people probably shouldn't be running. In terms of notifications, it first went to the US government (i.e. Homeland security, FBI, etc), then the major backbone players who comprise the core of the Internet and provide an overwhelmingly large percentage of the Internet's transit, then informed the general public. In addition, they're keeping the details secret (though I'm sure someone pretty soon will reverse-engineer the attack) but providing details on how to protect against it (i.e. upgrade or use this ACL).
Current thread:
- New Cisco Vulnerability Vincent J. Bono (Jul 16)
- Re: New Cisco Vulnerability Petri Helenius (Jul 16)
- <Possible follow-ups>
- Re: New Cisco Vulnerability Gregory Hicks (Jul 16)
- Re: New Cisco Vulnerability John Payne (Jul 16)
- Re: New Cisco Vulnerability Jay Hennigan (Jul 16)
- Re: New Cisco Vulnerability David Raistrick (Jul 16)
- Re: New Cisco Vulnerability Petri Helenius (Jul 16)
- Re: New Cisco Vulnerability Eric Gauthier (Jul 16)
- Re: New Cisco Vulnerability Michael Sinatra (Jul 16)
- Re: New Cisco Vulnerability John Payne (Jul 16)