That is always a great thing to do. If one company says it's another's fault, you kindly ask them to hold on a second, get the other company on the line and let them hash it out.
I can say that it works every time :-)

ex

----- Original Message -----
From: "Jason Dodson" <[EMAIL PROTECTED]>
To: "Geo." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, March 29, 2004 2:35 PM
Subject: [Full-Disclosure] Re: Addressing Cisco Security Issues

> I have had a similar run-around with AT&T Broadband and Sprint a while back, pertaining to a DoS
> attack my organization was experiencing. Not to dive into details, to resolve the issue, I got
> them both on the line in a 3-way conversation, and it was taken care of in less than 5 minutes.
> They didn't seem too eager to shrug off the responsibility to someone else, when that someone else
> was right there on the phone.
>
> Jason Dodson
>
> --- "Geo." <[EMAIL PROTECTED]> wrote:
> > I have to post this because I consider this to be a security issue in its
> > own right.
> >
> > Recently there were a number of exploits released for Cisco equipment, among
> > the affected equipment were the 677 and 678 consumer DSL routers of which
> > there are millions in use.
> >
> > I have one such router, the DSL circuit is provided by Alltel and I work for
> > the ISP who provides the actual internet access.
> >
> > So upon reading recent warning notice sent to the security email lists about
> > the exploits being publicly available I went and read
> > http://www.cisco.com/warp/public/707/CBOS-DoS.shtml which pretty much says
> > any router running a version of CBOS prior to 2.4.5 (actually you need 2.4.6
> > because of later exploits) is vulnerable.
> >
> > So like a good netizen I contacted Cisco TAC via telephone, gave them my 678
> > serial number and they informed me that they could not provide the security
> > update because my router is registered to Alltel (Alltel did provide the
> > router when I ordered the DSL circuit), please call Alltel to get it. Ok so
> > then I called Alltel, who told me no problem we can email you the update and
> > asked for my email address. Except since Alltel is not the ISP I don't have
> > an Alltel email address so then they won't email it to me, please contact
> > your ISP. I then informed Alltel that I AM MY ISP to which they replied they
> > still could not provide the patch and that I would have to get it from
> > Cisco.
> >
> > So then I call Cisco TAC again, this time I explain the full details of all
> > I've just been thru and the tech decides to ask someone. Comes back and says
> > if I register on the Cisco website that he can open a ticket and get someone
> > to call me back on it. (I'm presently waiting for that call)
> >
> > In the meantime I decided to google for it and lo and behold I found 2.4.6
> > on a website (url not posted to protect the life saving individuals who put
> > it on the web). Now of course I've no way to know if this version I just
> > found is safe or not but HELLO CISCO???
> >
> > If you are going to issue security alerts that require ISPs and consumers
> > to patch their hardware devices then you had better damn well make sure that
> > folks can actually GET THE PATCHES. It would require no effort at all to
> > post a bogus version full of back doors and whatnot on the web and after
> > seeing the nightmare it is to obtain the patch thru official channels it's
> > clear to me that this would be a very popular download.
> >
> > Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
