[c-nsp] Prepare for router Wednesday
Whisper
whisper555 at gmail.com
Wed Mar 26 23:36:00 EDT 2008
Gary
Wasn't this router Wednesday only a month or so worth of updates, if that?
If so, imagine 6 months worth!
I guess we get to find out what it is really like at the end of September
2008.
On Thu, Mar 27, 2008 at 1:18 PM, Buhrmaster, Gary <gtb at slac.stanford.edu>
wrote:
>
> > For example one of the vulnerabilities was a DLSw issue. If
> > you're not running DLSw anywhere, then there's not much need
> > to continue reading that bulletin.
>
> From Microsoft Tuesday experience, that is not an entirely
> safe approach. You have to read far enough into the advisory
> so that you are sure you are not running some combination
> of features that end up enabling the vulnerability as a
> side effect. While Cisco has fewer side effects than some
> vendors, sometimes a default is not what one would expect,
> and just reading the title is not adequate (oh, you mean
> I get proxy-arp by default?)
>
> Carefully reading a handful of emails every six months
> (and others as necessary for active exploits) does not
> feel like a large burden to me. But I may be unique.
>
> Gary
>
More information about the cisco-nsp
mailing list