Re: "Cisco gate" and "Meet the Fed" at Defcon....

[Christopher L. Morrow]

On Tue, 2 Aug 2005, [iso-8859-1] Bjørn Mork wrote:

> "Christopher L. Morrow" <christopher.morrow@mci.com> writes:
> > On Tue, 2 Aug 2005, [iso-8859-1] Bjørn Mork wrote:
> >> Randy Bush <randy@psg.com> writes:
> >>
> >> > fred, seeing as there is not now, and likely never will be fixed
> >> > versions for many of our routers (25xx, 17xx, ..., and i can't
> >>
> >> No?
> >>
> >> Logged in to ftp.cisco.com.
> >> Current remote directory is /cisco.
> >> ncftp /cisco > dir ios/12.3/12.3.15a/2500/
> >> -rw-rw-r--    1 518      1     11013444   Jul 25 14:50   c2500-c-l.123-15a.bin
> >> -rw-rw-r--    1 518      1     12303148   Jul 25 15:17   c2500-i-l.123-15a.bin
> >> -rw-rw-r--    1 518      1     16191744   Jul 25 14:34   c2500-is-l.123-15a.bin
> >
> > note image size of 11/12/16 mb... note that many (most?) 2500's don't have
> > 16M flash :( many, many referenced before (term servers for instance) are
> > 2mb flash boxes. It's possible that Randy's referring to this sort of
> > 2500.
>
> I might be wrong, but I thought an image with IPv6 support required
> 16 MB flash on the 2500?  Anyway, the upgrade path is there although

and in order to get 30k devices (more actually) upgraded I'll have to
spend 30k+X dollars? I'm fairly certain that's not going to happen. This
gets back to 2 things:
1) no (practical) upgrade path under security vulnerabilities (hence
reluctance of vendors to release info without fix)
2) possibly unhappy customers and vulnerabilities silently fixed in other
code trains.

Oh well...