[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: impact of recent cisco vulnerability

To: itojun@iijlab.net
Subject: Re: impact of recent cisco vulnerability
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 21 Jul 2003 06:58:01 -0400
Cc: iab@ietf.org, iesg@ietf.org

In message <20030721061212.8865813@coconut.itojun.org>, itojun@iijlab.net write
s:
>	because of recent cisco vulnerability, many ISPs installed filters
>	that would drop mobile-ip4 (ip protocol type 55), both inbound and
>	outbound at EBGP routers, as a countermeasure until they upgrade all
>	of the cisco routers they have.  it would seriously impact the
>	deployment/use of mobile-ip4.
>
>	also swipe (53), sun ND (77), PIM (103) are getting filtered.  i don't
>	think PIM operation will be affected by this as people wouldn't use
>	PIM across AS borders.  not sure about swipe and sun ND.

SWIPE was an experimental predecessor to IPsec.  I doubt that anyone is 
using it at all.  As Erik said, ND is also obsolete.

I know more about it, but often from private mailing lists, so I'm not 
sure what I can say.  But the filtering is being installed around the 
edges because of the many ways the bug can be triggered.

		--Steve Bellovin, http://www.research.att.com/~smb

Prev by Date: Spam mail warning notification! (Non-English Trap)
Next by Date: Re: Financials of the IETF - 2002 figures and 2003 budget
Previous by thread: Re: impact of recent cisco vulnerability
Next by thread: issue tracker links in ietf wg charter page?
Index(es):
- Date
- Thread