We installed ACLs on all our routers last night, which was the workaround.
Larry Letterman
Cisco Systems

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robertson, Douglas
Sent: Friday, July 18, 2003 7:34 AM
To: [EMAIL PROTECTED]
Subject: RE: a really big bug [7:72463]

I would like the opinion of the group as to what they are suggesting to customers or doing on their own network. I am of the opinion that as long as the network (intranet) has been correctly protected (firewalls/ACLs on the perimeter) and the internal network device IPs are not accessible from the Internet, there should be no immediate requirement to go through the entire network upgrading the IOS. This could introduce some new bug/issue into the network that will have more catastrophic consequences than the remote possibility of someone attacking a router/switch and causing a port to stop forwarding packets for a small time period.

The workaround for fixing a device that has been attacked is to simply increase the input buffer (this will allow the port to start forwarding packets again) and then schedule a reload. This is much more predictable than introducing a new bug (known or unknown) into the network by upgrading all the devices. If there was already a project underway to upgrade the network, then obviously upgrade to the fixed versions.

So my standpoint is to ensure that the perimeter devices offer the required protection against this attack and not upgrade a stable and functional network based only on this vulnerability. Again, this is my opinion and I just want to find out if I am way off base or if this is what other professionals are doing.

Thanks
Doug

-----Original Message-----
From: Peter Benac [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 7:44 AM
To: [EMAIL PROTECTED]
Subject: Re: a really big bug [7:72463]

I am glad you are not representative of the current Cisco culture. Your attitude in this matter really is not acceptable and I would hope that Cisco's attitude would be better.
Any exploit, hypothetical or not, quickly spreads across the Internet faster than Bill Gates can find another security flaw in Windows. My Solaris servers that face the Internet are under constant bombardment from would-be Windows script kiddies. It doesn't matter to them whether I have a Solaris system or a Windows system. They want to be real hackers and will try anything that is posted. This applies to other systems as well. Cisco has the major market share and therefore is the primary target.

Cisco is not Microsoft, and never has been. They have always put their flaws right in people's faces. The infamous SNMP bug was published and fixed long before CERT published it. Cisco has a PSIRT team whose sole function in life is security risk assessment. I have never known Cisco to call a potential security threat "Entertainment". Perhaps we should send your response to this to John Chambers and see what he will say. I still remember his e-mail address since I too am an ex-Cisco employee.

Regards,
Pete

----
Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org
To have principles... First have courage.. With principles comes integrity!!!

I sincerely hope that Cisco is not becoming Microsoft.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72582&t=72463
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
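The perimeter measures Doug describes above (keep the routers' own addresses unreachable from the Internet, raise the input buffer on an interface that has stopped forwarding, then schedule a reload) sketched as IOS configuration. This is an added illustration, not configuration posted by anyone in the thread. The interface name, the 192.0.2.0/24 documentation block standing in for the router/infrastructure addresses, the 203.0.113.10 management host, the constructed `show interfaces` line, and the reading of "input buffer" as the interface hold-queue are all assumptions.

```cisco
! Added example (not from the thread). Addresses and interface names are placeholders:
!   192.0.2.0/24   - documentation block standing in for router/infrastructure addresses
!   203.0.113.10   - trusted management host that may still reach the routers
!   Serial0/0      - the Internet-facing interface
!
! 1. Perimeter ACL: traffic from the Internet may transit the router, but may not
!    be addressed to the routers themselves (Doug's "device IPs not accessible from
!    the Internet"). Permit the trusted management host before the deny.
ip access-list extended PROTECT-INFRA
 permit ip host 203.0.113.10 192.0.2.0 0.0.0.255
 deny   ip any 192.0.2.0 0.0.0.255 log
 permit ip any any
!
interface Serial0/0
 description Internet uplink
 ip access-group PROTECT-INFRA in
!
! 2. Recovery on a device whose interface has stopped forwarding: confirm the
!    input queue is full, raise the hold-queue (assumed to be the "input buffer"
!    Doug refers to), then schedule the reload for a maintenance window.
!
!    show interfaces Serial0/0 | include Input queue
!      Input queue: 75/75/0/0 (size/max/drops/flushes)   <- constructed sample; size at max
!
interface Serial0/0
 hold-queue 150 in
!
reload at 02:00 19 July 2003
```

Two practical points. If the uplink runs a routing protocol with the provider, that peer needs an explicit permit above the deny line or the session drops when the ACL is applied; and `log` on the deny is useful for seeing whether anything is actually being aimed at the routers, but on a busy uplink it should be removed once the picture is clear, since logging every denied packet is its own load on the CPU.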