I think it's important, as a service provider, to promptly inform your customers and affected networks of issues like this. And this isn't just an Exodus issue. There are a number of providers that simply ignore requests for information or are very slow about propagating exploit details quickly enough to matter. While they're not a provider, you can send a detailed exploit to CERT and then wait months before they get around to letting other folks know about the problem. And that's from an entity that supposedly exists to propagate useful information to prevent exploits....In the meantime, affected systems fall like flies. It's fortunate that venues like NANOG and BUQTRAQ are around to disseminate this type of information in a timeframe more useful to us all. And back to the subject matter....I have no doubt that Exodus was working on the problem. It just would have been nice to be informed by *anyone* official there in a timely manner of the problem. That's both from a customer's standpoint, and the Internet at large. Chris Chris Mauritz Director, Systems Administration Rare Medium, Inc. chrism@raremedium.com -----Original Message----- From: Steven J. Sobol [mailto:sjsobol@nacs.net] Sent: Wednesday, November 18, 1998 3:07 PM To: Steve Noble Cc: Jay R. Ashworth; nanog@merit.edu Subject: Re: Exodus / Clue problems On Wed, Nov 18, 1998 at 10:23:46AM -0800, Steve Noble wrote:
that work was/is not being done on the issue. Once Exodus spent the time assembling and presenting the information to the customer, their job was done. It is now up to the customer to speak (or not speak) about the issue.
I'm not saying Exodus wasn't working on it. I would have just like to hear some confirmation. A one-line message would have been cool. And yes, I think a discussion of how ISP's deal with problems like this is a good idea. -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Spotted on a bumper sticker: "Possum. The other white meat."