According to Cisco at:
http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml.
this impacts CatOS, their storage router line, their HSE line,
and their WLSE lines, and is not an IOS issue. Details on the web page.
No fixed versions of software are available yet.
Gary
Depending on the service being provided, Microsoft
has their own clustering solution which will
perform failover. Sometimes choosing full vendor
supported technologies is the easiest path.
With Windows 2003 Server they even support
geographically disperses failover. Info at:
Microsoft has said Windows XP SP2 will have the firewall
turned on by default, and that they have considered
reissuing the installation CD's such that a new installation
will have the firewall enabled to deal with just this
problem. I do not know the current state of the
consideration, but to
The video *might* be available on the Washington Post later today.
From http://netsec.blogspot.com/
Michael Lynn's The Holy Grail: Cisco Shellcode and Remote Execution
presentation blew the doors off of Caesar's Palace Today with a full
shell code exec capabilities for nearly ANY Cisco
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of James Baldwin
Sent: Thursday, July 28, 2005 10:36 AM
To: [EMAIL PROTECTED]
Cc: nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
Lynn developed this information based on publicly
Would this not be a great way to infect thousands of
network operations systems due to a PDF exploit? It
is like free beer to many network operators, they
just *have* to consume it. One could take control
of the network by taking control of the systems
of the people operating it and silently
The *best* exploit is the one alluded to in the presentation.
Overwrite the nvram/firmware to prevent booting (or, perhaps,
adjust the voltages to damaging levels and do a smoke test).
If you could do it to all GSR linecards, think of the RMA
costs to Cisco (not to mention the fact that Cisco
To make this operational, will this speed up BGP convergence?
(note that there is a difference between group velocity
and phase velocity. The posters of 300,000 Kilometers Per
Second. It's Not Just a Good Idea, It's the Law! are still
valid).
-Original Message-
From: [EMAIL
now that you know the whole story, perhaps you'll reevaluate
your position.
While I have a number of opinions on the subject (who on
this list does not have opinions?), I suggest that the
program committee members take this on as todo to formulate
some sort of acceptable practice for
Last I heard, the IEEE won't go along, and they're the ones who
standardize 802.3.
A few years ago, the IETF was considering various jumbogram options.
As best I recall, that was the official response from the relevant
IEEE folks: no. They're concerned with backward compatibility.
As I
Kerberos does not assume clock synchronization.
Kerberos requires reasonable clock synchronization.
To be more precise, Kerberos requires those systems
for which it is providing (authentication) services
to agree, within a configured (usually) 5-10 minutes.
There is no requirement that those
Subject: Sun Project Blackbox / Portable Data Center
www.sun.com/blackbox
Has anyone seen one of these things in real life?
SLAC has a blackbox (which is actually white)
installed, and running it packed with servers
for batch computing for the high energy physics program.
... Why not suck up and go with the
economic solution? Seems like the easy thing is for the ISPs to come
clean and admit their unlimited service is not and put in upload
caps and charge for overages.
Who will be the first? If there *is* competition in the
marketplace, the cable company does
Ah. Sorry, guess that would be important. Win XP
If you are willing to do some (dot net) scripting,
look at the information at:
http://msdn2.microsoft.com/en-us/library/ms700657.aspx
Receiving notifications when things change
Gary
To put it another way, they do not give you a better price
per minute if you go and deposit $2400 in your prepaid account.
Actually, ATT did (when I last looked at at least one
of their prepaid plans a year or so ago for a friend).
Deposit $100, get a $20 bonus. Or something like that.
My guess is the market will work this out. As soon as it's implemented,
you'll see ATT commercials in that town slamming cable and saying how DSL
is really unlimited.
If I were the DSL companies, I would consider advertising
with a commercial recalling the fable of the tortoise and
the
FPGAs can be used to do both SRAM and TCAMs. All that is needed
is an FPGA board with 10G or a 10G card with an FPGA on it.
The Xilinx Virtex family can already do 10G, if you
are into FPGA development (I seem to recall the
first Xilinx FPGA that could do 10G was 4-5 years
ago; forever in
... feed tcp throughput equation into your favorite search
engine for a lot more references.
There has been a lot of work in some OS stacks
(Vista and recent linux kernels) to enable TCP
auto-tuning (of one form or another), which is
attempting to hide some of the worst of the TCP
18 matches
Mail list logo
