Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

ABOVE.NET SECURITY TRUTHS?

  • From: Exiled Dave
  • Date: Fri Apr 28 15:03:11 2000


> > I guess by now everyone knows what happened. 
Paul, can you share some info
> > with the rest of us about what the vulnerability
was so we can "plug the
> > hole"?
>
> "Plug the hole" was a figure of speech.  You pretty
much all know that if
> MFN/Abovenet suspected a way in which other
providers were vulnerable, we'd
> have shared that information with you (privately) by
now.
> --
> Paul Vixie <vixie@mibh.net>
> SVP for Internet Services, MFNX

HAHAHA the reason no other provider is vulnerable is
because no other
provider with half a clue has the same simple login
and enable "p4ssw0rds"
on all their switches, and internal machines in their
sjc facilities on
hubs. What does one expect will happen when their
switch passwords become
public knowledge? The funny thing is the passwords
were originally sniffed
by MafiaBoy.

There's no need to "privately" share a fix/hole in
this case. 
The ENTIRE problem here, is above's total inability to
secure their own switches.
And it SHOULD be public. People who control literally
MILLIONS OF DOLLARS of other people's data per second
NEED to learn, that CORE NETWORKS NEED TO BE
PROTECTED. (i.e. CHANGING PASSWORDS, NOT PERMITTING
"COMMON PASSWORDS")
I hope we ALL learn a lesson from this.





__________________________________________________
Do You Yahoo!?
Talk to your friends online and get email alerts with Yahoo! Messenger.
http://im.yahoo.com/





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.