nanog mailing list archives
Re: Patching for Cisco vulnerability
From: Jason Frisvold <friz () corp ptd net>
Date: 18 Jul 2003 15:32:05 -0400
On Fri, 2003-07-18 at 14:29, Irwin Lazar wrote:
> Just out of curiosity, are folks just applying the Cisco patch or do you go through some sort of testing/validation process to ensure that the patch doesn't cause any other problems? Given typical change management procedures how long is it taking you to get clearance to apply the patch?
I think a lot of providers are doing the minimum testing required (upgrade, does it boot? can I ping?) and then rolling it out... I guess it's more of an implicit trust type deal rather than having routers running with an increased load because of ACLs and still having the possibility of a vulnerable router because something was overlooked.. Going forward, if you go the ACL route, every time you add a new interface you need to be sure to either apply the "any any" ACL to it, or add the new IPs to the "big" block by IP ACL ...
> I'm trying here to gauge the length of time before this vulnerability is closed out.
I don't think it will ever truly go away.. there are lots of "older" routers that won't be able to support the newer code, albeit small routers like the 2500s, but they'll exist..
> irwin
--
---------------------------
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
friz () corp ptd net
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
---------------------------
"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955]
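Added example, not part of the original message or of any vendor tooling: a small audit for the maintenance problem described above, where a newly added interface ends up with neither the per-interface ACL nor an entry in the block-by-IP ACL. The configuration text, the ACL names `ANY-ANY` and `INFRA-BLOCK`, the addresses and the function name are constructed for illustration; the check only looks at whether an address is listed, not at where the block ACL is applied.

```python
import ipaddress
import re

# Constructed IOS-style configuration; ACL names and addresses are made up.
SAMPLE_CONFIG = """\
ip access-list extended INFRA-BLOCK
 deny ip any 192.0.2.0 0.0.0.3
 deny ip any host 198.51.100.1
 permit ip any any
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
interface Serial0/1
 ip address 198.51.100.1 255.255.255.252
interface Serial0/2
 ip address 198.51.100.5 255.255.255.252
 ip access-group ANY-ANY in
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
interface Loopback0
 no ip address
"""

def unprotected_interfaces(config, iface_acl, block_acl):
    """Addressed interfaces with neither iface_acl inbound nor an entry in block_acl."""
    blocked, ifaces, section = [], {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line opens a new section
            m = re.match(r"(interface|ip access-list extended) (\S+)", line)
            section = m.groups() if m else None
            if section and section[0] == "interface":
                ifaces[section[1]] = {"ip": None, "acls": set()}
            continue
        if section is None:
            continue
        (kind, name), w = section, line.split()
        if kind == "interface" and w[:2] == ["ip", "address"] and len(w) == 4:
            ifaces[name]["ip"] = ipaddress.ip_address(w[2])
        elif kind == "interface" and w[:2] == ["ip", "access-group"] and w[-1] == "in":
            ifaces[name]["acls"].add(w[2])
        elif (kind != "interface" and name == block_acl and len(w) >= 5
              and w[0] == "deny" and w[2] == "any"):
            # "host A" is a single address; "A W" is an address plus wildcard mask
            dst = w[4] if w[3] == "host" else f"{w[3]}/{w[4]}"
            blocked.append(ipaddress.ip_network(dst, strict=False))
    return [n for n, i in ifaces.items()
            if i["ip"] is not None and iface_acl not in i["acls"]
            and not any(i["ip"] in net for net in blocked)]

if __name__ == "__main__":
    print(unprotected_interfaces(SAMPLE_CONFIG, "ANY-ANY", "INFRA-BLOCK"))
```

Run against a saved copy of each router's configuration after every interface change; any name it returns is an interface that was overlooked.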