Cisco IOS Exploit Cover Up

Scott Morris swm at emanon.com
Fri Jul 29 19:15:47 UTC 2005


And quite honestly, we can probably be pretty safe in assuming they will not
be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
exploits) or SSH (even other exploits) on that box.  :)  (the 1601 or the
2500's)

But, in the advisory that Cisco put out, it did mention free software
upgrades were available even to non-contract customers.  They simply had to
originate from a call to TAC about it.  Doesn't seem too bad. 

Not everyone has to worry about these things.  Place and time.

Scott


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
David Barak
Sent: Friday, July 29, 2005 2:52 PM
To: nanog at merit.edu
Subject: Re: Cisco IOS Exploit Cover Up




--- John Forrister <john at segfault.com> wrote:
> Indeed - Cisco's hardware, especially the older, smaller boxes, tended 
> to be really solid once you got them running.  I was just pondering a 
> few minutes ago on how many 2500's I configured & installed in 1996 & 
> 1997 are still running today, on code that's no longer supported by 
> Cisco, and which are incapable of taking enough flash to load a newer 
> image.

As a definite example, A client of mine has a 1601 sitting on the end of a
T1 running 11.3...  They're not interested in spending any money on an
upgrade, as the box is doing exactly what they want: running RIP internally,
and taking Ethernet-in and Serial-out.

-David

 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 




More information about the NANOG mailing list