[82719] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 28 12:30:16 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: rbf@rbfnet.com, nanog@merit.edu
Date: Thu, 28 Jul 2005 17:52:59 +0200
In-Reply-To: <20050728.084027.855.161928@webmail24.lax.untd.com>
(fergdawg@netzero.net's message of "Thu, 28 Jul 2005 15:39:31 GMT")
Errors-To: owner-nanog@merit.edu
> Lynn's statement would tend to make one believe that this is
> yet another example of a vulnerability that is awaiting an
> exploit, not one that has yet to be discovered -- a sort of
> Sword of Damocles, if you will...
I think he's just pointing out that the risk assessments of many
network operators are way off. Some postings to this list certainly
suggest that. Too many people seem to have forgotten the work done by
Phenoelit. Maybe their exploits leave something to be desired, but,
as the saying goes, attacks only get better.
In other words, it's not about a single vulnerability. It's about a
widespread belief in the invincibility of IOS. And, to be honest, I'm
scared how many people subscribe to that religion. Such irrationality
puts networks at risk, far more than any single vulnerability could.
