IOS new architechture will be more vulnerable?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Aug 3 13:33:20 UTC 2005


On Wed, 03 Aug 2005 03:49:43 PDT, Aaron Glenn said:
> ...here's what the junior kernel hacker in me doesn't quite understand
> - doesn't software like ProPolice and it's brethren mitigate this type
> of vulnerability specifically? What, precisely, prevents Cisco from
> implementing such code in with their architecture?

"mitigate vulnerability" != "prevent vulnerability".

As long as it's a von Neumann architecture rather than a Harvard architecture,
there's potential issues.  Note that many mitigation strategies are basically
attempts to make it more Harvard-like....

Whether mitigation is sufficient is a topic for another list.. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050803/2a3459c5/attachment.sig>


More information about the NANOG mailing list