This has me wondering if there are any BCPs that touch on the whole idea of filtering traffic destined to your router, or what the advisory called "infrastructure filtering". All in all, it seems like a good idea to block any direct access to router interfaces. But as some have probably found already, it's a big pain in the arse. If I recall correctly, Rob's Secure IOS Template touches on filtering known services (the BGP listener, snmp), but what are people's feelings on maintaining filters on all interfaces *after* loading a fixed IOS? Thanks, Charles -- Charles Sprickman spork@inch.com On Fri, 18 Jul 2003, Irwin Lazar wrote:
Just out of curiosity, are folks just applying the Cisco patch or do you go through some sort of testing/validation process to ensure that the patch doesn't cause any other problems? Given typical change management procedures how long is taking you to get clearance to apply the patch?
I'm trying here to gauge the length of time before this vulnerability is closed out.
irwin