Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Emergency Internet Backbone Provider Maintenance Tonight

  • From: Colin Neeson
  • Date: Mon Jan 24 04:54:59 2005

This is just a stream of consciousness, but I perceive that most of the
"vulnerabilities" (BGP, SNMP, etc) are mostly knee-jerk reactions to what is
reported to vendors by trophy hunters out there looking for easy kills.  For
sure, they are real and true, and need to be disclosed by the relevant
vendors that are affected, but is the frenzy that ensues after the
vulnerability announcements warranted?

Discuss.. :-)

On 24/1/05 8:40 PM, "Pekka Savola" <> wrote:

> On Mon, 24 Jan 2005, Wayne E. Bouchard wrote:
>> Well, the point was made in my office on Friday that the upgrade was
>> not just snmp or sshd but that they were required to upgrade the core
>> operating code. This suggests to me that it's something to do with
>> packets or packet handling, not with services. Which makes me all the
>> more concerned. Of course, it will probably be something along the
>> lines of "When reciving a packet with such and such format with some
>> particular service enabled, the router might reload under specific
>> conditions" or some such thing that will not affect many people other
>> than the tier 1s who work their routers way harder than any of us
>> lilliputians.
> Well, the last time an upgrade like this was pushed through was caused
> by the (BGP) TCP RST spoofing "vulnerability", which was not a big
> issue at all especially if you had secured your borders properly
> against spoofing.  I really hope it's bigger this time..

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.