--- nanog@nanog.org wrote: From: "Jean | ddostest.me via NANOG" <nanog@nanog.org>
What's the impact on your network? Everything is under control?
I really thought that more Cisco devices were deployed among NANOG. I guess that these devices are not used anymore or maybe that I understood wrong the severity of this CVE.
---------------------------------------
Just because you use Cisco devices doesn't mean you have to use their proprietary protocols, such as EIGRP or CDP. OSPF or LLDP work just fine and interoperate with other vendors... :)

scott
I really thought that more Cisco devices were deployed among NANOG.
I guess that these devices are not used anymore or maybe that I understood wrong the severity of this CVE.
A proper network design helps to mitigate flaws like this. If you have CDP off, which many people do, then this exploit is not that big of a deal to you. If your devices are on a management network then it's not that big of a deal. Just because a certain vendor has vulnerabilities exposed doesn't mean it's an all-hands-on-deck scenario. Many of the folks on NANOG have a good grasp of network design. Sure, some don't. But for the most part they do.

Justin Wilson
lists@mtin.net
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog
On 10/02/2020 18:13, Scott Weeks wrote:
Just because you use cisco devices doesn't mean you have to use their proprietary protocols, such as EIGRP or CDP. OSPF or LLDP work just fine and interoperate with other vendors... :)
The CDPwn vulnerability covers similar vulnerabilities in LLDP, and does indeed demonstrate that network segmentation (i.e. "dude it's just L2") is not the last word in mitigating against said vulnerabilities. You ought to all be far more concerned, IMO.

--
Tom
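The thread's practical takeaway is Justin's "if you have CDP off" together with Scott's and Tom's point that LLDP is in the same position: what matters is which interfaces will still parse a discovery frame from whoever is on the wire. The script below is an added example (not posted by anyone in the thread, and not Cisco's or Armis's code) that reads a saved IOS-style running-config and reports, per interface, the effective CDP and LLDP receive state. It assumes the IOS conventions I am confident of: CDP is globally on unless `no cdp run` is present, LLDP is globally off unless `lldp run` is present, and `no cdp enable` / `no lldp receive` / `no lldp transmit` under an interface override the global setting. The configuration text is constructed for the example; the interface names and addresses are placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample running-config (not from the thread). Note that each
# interface has only one of the two protocols turned off, which is the
# partial-mitigation case the audit is meant to catch.
SAMPLE_CONFIG = """\
hostname edge-rtr
!
cdp run
lldp run
!
interface GigabitEthernet0/0
 description Uplink to transit provider
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Customer-facing
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/2
 description Management (OOB)
 ip address 192.0.2.1 255.255.255.0
 no lldp transmit
 no lldp receive
!
end
"""


@dataclass
class IfaceState:
    name: str
    cdp: bool       # interface sends and parses CDP
    lldp_rx: bool   # interface parses incoming LLDP
    lldp_tx: bool   # interface advertises via LLDP


def parse_config(text):
    """Return the effective CDP/LLDP state for every interface stanza.

    Assumed IOS defaults: CDP globally enabled unless 'no cdp run',
    LLDP globally disabled unless 'lldp run'. Interface-level
    'no cdp enable' / 'no lldp receive' / 'no lldp transmit' override.
    """
    lines = text.splitlines()
    global_cdp = not any(l.strip() == "no cdp run" for l in lines)
    global_lldp = any(l.strip() == "lldp run" for l in lines)

    ifaces = []
    current = None
    for raw in lines:
        line = raw.rstrip()
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = IfaceState(m.group(1), global_cdp, global_lldp, global_lldp)
            ifaces.append(current)
            continue
        if current is None or not line.startswith(" "):
            current = None  # an unindented line ('!', 'end', ...) closes the stanza
            continue
        s = line.strip()
        if s == "no cdp enable":
            current.cdp = False
        elif s == "cdp enable":
            current.cdp = True
        elif s == "no lldp receive":
            current.lldp_rx = False
        elif s == "no lldp transmit":
            current.lldp_tx = False
    return ifaces


def exposed_interfaces(text):
    """Map interface name -> discovery protocols whose frames it still parses.

    Only the receive side is an attack surface for a parser bug, so LLDP
    transmit-only is not reported (it is an information leak, not a crash).
    """
    findings = {}
    for i in parse_config(text):
        protos = []
        if i.cdp:
            protos.append("cdp")
        if i.lldp_rx:
            protos.append("lldp")
        if protos:
            findings[i.name] = protos
    return findings


if __name__ == "__main__":
    for name, protos in exposed_interfaces(SAMPLE_CONFIG).items():
        print(f"{name}: still parses {', '.join(protos)}")
```

On the sample, all three interfaces are reported: the uplink parses both protocols, the customer port still parses LLDP after `no cdp enable`, and the management port still parses CDP after LLDP was switched off. A config audit like this only tells you what the box intends to do; the live check on the device is `show cdp neighbors` (and `show lldp neighbors`), which should return nothing on an interface you believe is quiet.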