On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG <nanog@nanog.org> wrote:
I really thought that more Cisco devices were deployed among NANOG.
I guess that these devices are not used anymore or maybe that I understood wrong the severity of this CVE.
Network devices are incredibly fragile and mostly work because no one is motivated to bring the infrastructure down. Getting any arbitrary vendor down if you have access to it on L2 is usually so easy you accidentally find ways to do it. There are various L3 packet of deaths where existing infra can be crashed with single packet, almost everyone has no or ridiculously broken iACL and control-plane protection, yet business does not seem to suffer from it. Probably lower availability if you do upgrade your devices just because there is a known issue, due to new production affecting issues. -- ++ytti