[nsp-sec] AS4 / ASN32 and IOS
David Freedman
david.freedman at uk.clara.net
Mon Feb 2 08:39:13 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm sure many of you have seen posts from Rob Shakir
on many mailing lists recently regarding this:
http://www.merit.edu/mail.archives/nanog/msg14345.html
Cisco's PSIRT have refused to react:
"Because PSIRT does not have knowledge of malicious use of the issue"
So this is really a heads up, it is a standards issue and is being
addressed by draft-chen-rfc4893bis-00.txt and discussed on IETF idr
mailing list
(http://www.nabble.com/-Fwd%3A-I-D-Action%3Adraft-chen-rfc4893bis-00.txt--to21645335.html)
In the interim, I would strongly advise AGAINST deploying IOS code which
has ASN32 support (latest 12.0(S) train for example), especially if this
box will be facing your upstreams or peers.
Have no information from Juniper about the implications for JunOS,,
perhaps somebody else would like to comment?
Dave.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkmG94AACgkQtFWeqpgEZrIk/wCfeLwUZbxThWv7gr8HWK5ZJNU+
AeIAoK0ZS450xN1VTwkA8kzqyKZ3vIx8
=EiuC
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list