[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: impact of recent cisco vulnerability
In message <20030721061212.8865813@coconut.itojun.org>, itojun@iijlab.net write
s:
> because of recent cisco vulnerability, many ISPs installed filters
> that would drop mobile-ip4 (ip protocol type 55), both inbound and
> outbound at EBGP routers, as a countermeasure until they upgrade all
> of the cisco routers they have. it would seriously impact the
> deployment/use of mobile-ip4.
>
> also swipe (53), sun ND (77), PIM (103) are getting filtered. i don't
> think PIM operation will be affected by this as people wouldn't use
> PIM across AS borders. not sure about swipe and sun ND.
SWIPE was an experimental predecessor to IPsec. I doubt that anyone is
using it at all. As Erik said, ND is also obsolete.
I know more about it, but often from private mailing lists, so I'm not
sure what I can say. But the filtering is being installed around the
edges because of the many ways the bug can be triggered.
--Steve Bellovin, http://www.research.att.com/~smb