[59780] in North American Network Operators' Group
Re: Cisco Vulnerability Testing Results
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Sat Jul 19 09:54:26 2003
Date: Sat, 19 Jul 2003 10:10:36 -0400 (EDT)
From: alex@yuriev.com
To: Jim Duncan <jnduncan@cisco.com>
Cc: Jason Frisvold <friz@corp.ptd.net>, nanog@merit.edu
In-Reply-To: <200307190629.h6J6TiH13891@rooster.cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu
> All other prior versions of IOS do not contain the software that
> introduced the vulnerability and are probably not vulnerable, but I will
> not be able to confirm that by testing it.
>
> > So.. everyone running AGS+'s in the core, beware.. *grin*
>
> The workarounds should apply, but not much else. ;-)

"We are C. We never have a fix. We have a patch... after patch... after
patch... after patch... after patch... and at some point there are no more
patches, but there is no fix either"

I have this brilliantly simple idea that somehow everyone forgets, while
they tout all the new "advanced stuff". Do not introduce yet another name
for filtering that works only in some cases. Fix the filtering code so we
can filter *anything* at *any packet rate* on *any interface* that passes *any
traffic* without bringing the router to its knees.

Alex