possible rsync validation dos vuln

Randy Bush randy at psg.com
Fri Oct 29 17:10:26 UTC 2021

> there's a public statement about this from NCSC-NL:
>> https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendmaking-cvd-procedure-rpki

blah blah blah

bottom line.  they gave first notice to devs 4 days before threatened
disclosure.  that they then asked to embargo was just adding insult to


we will remember their names.  like the herzberg incident, "the internet
has two weeks to upgrade all microtiks globally before we intentionally
break it again."

would they do the same to the electric grid or other scada network?  the
internet's openness and kindness has led them to think we can be abused
willy nilly.

we will remember their names.


More information about the NANOG mailing list