On Wed, 16 Jul 2003, Eric Gauthier wrote:
Ok, fine, don't tell the rest of us what it is, how to detect it, or how to defend against it. We in the university space will just do nothing because we have nothing to put into our IDS sensors to watch for/block it out. Because, you know, we're going to be the sources :)
not like you guys do anything even when we *do* notify you.
Ok, I see that my humor was lost on several people who flamed me... Come on people, when have we ever looked to University networks for security! We have come a long way though. In terms of dealing with security issues, I think we've definitely moved from the level of a cable-modem end user to around the level of a Tier-2 ISP :)

Eric :)

PS: In case there is any confusion, from what I've seen, I think Cisco definitely did the right thing. They found a nasty bug in their lab testing. They went back and patched almost every freaking version of code, even ones people probably shouldn't be running. In terms of notifications, it first went to the US government (i.e. Homeland security, FBI, etc), then the major backbone players who comprise the core of the Internet and provide an overwhelmingly large percentage of the Internet's transit, then informed the general public. In addition, they're keeping the details secret (though I'm sure someone pretty soon will reverse-engineer the attack) but providing details on how to protect against it (i.e. upgrade or use this ACL).