Large operators have very little to gain from calling out the equipment
suppliers. In my personal experience large operators are already getting custom
code builds based on their exact requirements, which include disabling many of
the “standard” features they don’t use.
>
Being realistic, as you mentioned, these vendors do not have the right
incentive.
That's one thing that operators can do and maybe it should be a recurring
theme at NANOG, calling out vendors to put some sanity and logic into how
iACLs and CoPP are handled. They can do a lot if they cared to spend
On Tue, 11 Feb 2020 at 16:09, Ahmed Borno wrote:
> Sorry for the sad tone, I just wish network operators would find a way to
> challenge these vendors and call their less than optimal quality.
It's hard, TINA. We can talk about white label, but in the end of the
day, that box is just as
I remember my conversation with an executive one day, where I was
enlightened on corporate greed.
I asked, why is there no investment in quality code, and I was schooled.
The exec said, one dollar spent on fixing bugs, returns zero dollars but
one dollar spent on new features brings in 3 dollars
On 2/11/2020 2:04 AM, Saku Ytti wrote:
> On Tue, 11 Feb 2020 at 09:09, Ahmed Borno wrote:
>
>> So yeah iACLs, CoPP and all sorts of basic precautions are needed, but I'm
>> thinking something more needs to be done, specially if these ancient code
>> stacks are being imported into new age
On Tue, 11 Feb 2020 at 09:09, Ahmed Borno wrote:
> So yeah iACLs, CoPP and all sorts of basic precautions are needed, but I'm
> thinking something more needs to be done, specially if these ancient code
> stacks are being imported into new age 'IoT' devices, multiplying the attack
> vector by
Disclaimer, I do not work for any vendor right now, and I don't sell any
product that might benefit from scaring anyone, so this is just some
whining for a real issue that someone needs to do something about.
I've worked for the CDP vendor for a long time, and I do concur with what
Saku is
On 10/02/2020 18:13, Scott Weeks wrote:
> Just because you use cisco devices doesn't mean you have to use
> their proprietary protocols, such as EIGRP or CDP. OSPF or LLDP
> work just fine and interoperate with other vendors... :)
The CDPwn vulnerability covers similar vulnerabilities in LLDP,
>
> I really thought that more Cisco devices were deployed among NANOG.
>
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.
A proper network design helps to mitigate flaws like this. If you have CDP off,
which many people do,
--- nanog@nanog.org wrote:
From: "Jean | ddostest.me via NANOG"
> https://www.armis.com/cdpwn/
>
> What's the impact on your network? Everything is under control?
---
I really thought that more Cisco devices were deployed among NANOG.
I guess that these
On 10/02/2020 13:40, Saku Ytti wrote:
> There are various L3 packet of deaths where existing infra can be
> crashed with single packet, almost everyone has no or ridiculously
> broken iACL and control-plane protection, yet business does not seem
> to suffer from it.
The cynic in me would suggest
I remember a Cisco device with an ACL that was leaking. It was a 20
lines ACL with few lines to drop some packets based on UDP ports.
When under heavy stress, nearly line rate, we would see some of these
packets going through the ACL.
I said to my peers that the ACL was leaking. They didn't
On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG
wrote:
> I really thought that more Cisco devices were deployed among NANOG.
>
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.
Network devices are incredibly fragile and
On Monday, 10 February, 2020 11:50, "Jean | ddostest.me via NANOG"
said:
> I really thought that more Cisco devices were deployed among NANOG.
>
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.
The phones / cameras side of it seems
I really thought that more Cisco devices were deployed among NANOG.
I guess that these devices are not used anymore or maybe that I
understood wrong the severity of this CVE.
Happy NANOG #78
Cheers
Jean
On 2020-02-07 09:21, Jean | ddostest.me via NANOG wrote:
CDPwn: 5 new zero-day Cisco
CDPwn: 5 new zero-day Cisco exploits
https://www.armis.com/cdpwn/
What's the impact on your network? Everything is under control?
Jean