Etaoin Shrdlu wrote: > NANOG-L is unique. There isn't anything else devoted to issues for truly > large networks, and the providers that manage the distance between them. > When I see Cisco (or Juniper, or Extreme) announcements about a > vulnerability, those are useful. Nonsense about Solaris 10 telnet > vulnerabilities, or FedGov meetings, or requests for someone from > Comcast to please call (and what is it with Comcast, anyway?).
I would just observe that despite once having been responsible for several (hundred) solaris machines I did not spend yesterday worrying about telnet vulnerabilities. Best Common Practices in this industry have involved disabling telnet except where infeasible for more than a decade. While I know of many cases of aging terminal servers on oob networks we do not as a community worry about that sort of thing collectively. I am interested in infrastructure threats including the occasional rogue botnet targeting the dns infrastructure. for end-systems issues I subscribe to the lists relevant to my end-systems. The security industry appears full these days with individuals willing to be overwrought at the drop of a hat. Disclosure is critical, crying wolf in some overwrought tone every time some piece of software is reveled to have flaws doesn't serve anyone well though.