nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches


From: shawn wilson <ag4ve.us () gmail com>
Date: Mon, 30 Dec 2013 08:24:01 -0500

On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy <rps () maine edu> wrote:


> I hope Cisco, Juniper, and others respond quickly with updated images for
> all platforms affected before the details leak.

So, if this plays out nice (if true, it won't), the fix will come
months before the disclosure. Think, if you're leasing a router from
your ISP, you might not have the ability to update it (or might
violate your contract). So, you need to wait for [manufacturer] to
update, test, and release an update, then you need to work with your
provider to make sure the update gets pushed correctly.

Also, even open hardware isn't completely open - see the Pi - probably
the most open of hardware stacks. The CPU isn't completely open. Also,
see FreeBSD not using hardware PRNG for this reason.

