[174610] in North American Network Operators' Group
RE: Saying goodnight to my GSR
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Sep 20 17:18:06 2014
X-Original-To: nanog@nanog.org
Date: Sat, 20 Sep 2014 15:17:17 -0600
In-Reply-To: <CANdN9jb1S+ejYDnWXiO7xKYrT_UsUvdvw73doa5Dr2ZD0CxcRw@mail.gmail.com>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Ruairi Carroll" <ruairi.carroll@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I do not see any vulnerabilities listed there. Only documentation of behav=
ioral bugs, caveats, and restrictions.
A "vulnerability" would be something like the one Microsoft introduced into=
all versions of the Windows IP stack after Windows 2003 and Windows XP whe=
rein "the Operating System will execute the payload of an IP packet with SY=
STEM authority and SYSTEM integrity when a crafted IP packet is received in=
which a certain combination of invalid and reserved header bits are set".
>-----Original Message-----
>From: Ruairi Carroll [mailto:ruairi.carroll@gmail.com]
>Sent: Saturday, 20 September, 2014 14:57
>To: Keith Medcalf
>Cc: Daniel Sterling; Bacon Zombie; nanog@nanog.org
>Subject: Re: Saying goodnight to my GSR
>
>> And what, exactly, is it vulnerable to?
>
>Most of these, I'd imagine:
>http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html
>
>
>On 20 September 2014 14:25, Keith Medcalf <kmedcalf@dessus.com> wrote:
>
>
>
> And what, exactly, is it vulnerable to?
>
>
> >-----Original Message-----
> >From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Daniel
>Sterling
> >Sent: Saturday, 20 September, 2014 12:06
> >To: Bacon Zombie
> >Cc: nanog@nanog.org
> >Subject: Re: Saying goodnight to my GSR
> >
> >Again, you're focusing resentment towards someone who did the right
> >thing. Negative reinforcement will discourage others from taking
> >action and will discourage them from encouraging others to take
> >action.
> >
> >Let's focus on who still has vulnerable equipment and how to help
> >them. Let's not shame people who did the right thing
> >
> >Thanks,
> >Dan
> >
> >
> >On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie
><baconzombie@gmail.com>
> >wrote:
> >> OK thank you for decommissioning this.*
> >>
> >> * Only if you either had authority to do so for max 1 year or had
>no
> >> authority but were fighting to have it patches or replaced for
>years.
> >> On Sep 20, 2014 7:54 PM, "Daniel Sterling"
><sterling.daniel@gmail.com>
> >> wrote:
> >>
> >>> On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie
><baconzombie@gmail.com>
> >>> wrote:
> >>>
> >>> > So when was the last time you patched this internet facing
>device?
> >>>
> >>> Isn't the better response, thank you for decommissioning it?
> >>>
> >>> Can someone from cisco set up a poll or release whatever numbers
>they
> >>> have about how many of these old devices are still in service?
> >>>
> >>> Thanks,
> >>> Dan
> >>>
>
>
>
>
>
