|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Emergency Internet Backbone Provider Maintenance Tonight
This is just a stream of consciousness, but I perceive that most of the "vulnerabilities" (BGP, SNMP, etc) are mostly knee-jerk reactions to what is reported to vendors by trophy hunters out there looking for easy kills. For sure, they are real and true, and need to be disclosed by the relevant vendors that are affected, but is the frenzy that ensues after the vulnerability announcements warranted? Discuss.. :-) On 24/1/05 8:40 PM, "Pekka Savola" <[email protected]> wrote: > On Mon, 24 Jan 2005, Wayne E. Bouchard wrote: >> Well, the point was made in my office on Friday that the upgrade was >> not just snmp or sshd but that they were required to upgrade the core >> operating code. This suggests to me that it's something to do with >> packets or packet handling, not with services. Which makes me all the >> more concerned. Of course, it will probably be something along the >> lines of "When reciving a packet with such and such format with some >> particular service enabled, the router might reload under specific >> conditions" or some such thing that will not affect many people other >> than the tier 1s who work their routers way harder than any of us >> lilliputians. > > Well, the last time an upgrade like this was pushed through was caused > by the (BGP) TCP RST spoofing "vulnerability", which was not a big > issue at all especially if you had secured your borders properly > against spoofing. I really hope it's bigger this time..
|