BGP Experiment

Töma Gavrichenkov ximaera at gmail.com
Wed Jan 9 18:58:23 UTC 2019


On Wed, Jan 9, 2019 at 9:51 PM Saku Ytti <saku at ytti.fi> wrote:
> I think this contains some assumptions
>
> 1. discovering security issues in network devices is expensive (and
> thus only those you glean from vendor notices realistically exist)
> 2. downside of being affected by network device security issue is expensive
>
> I'm very skeptical if either are true.

Well, it's significantly harder to look for vulns in closed source
firmware which only runs on certain expensive devices.  My point is
that e.g. FRR is open source software which is designed to run on
the same Intel-based systems as the one which probably powers your
laptop.

I've received a note from FRR devs stating that they're going to get a
CVE number soon.  It's a good sign, though it should have happened a
bit before roughly a thousand of this mailing list's subscribers were
informed about the issue, but anyway.

--
Töma


