nanog mailing list archives
Re: BGP Experiment
From: Saku Ytti <saku () ytti fi>
Date: Wed, 9 Jan 2019 20:51:25 +0200
On Wed, 9 Jan 2019 at 20:45, Töma Gavrichenkov <ximaera () gmail com> wrote:
Nope, this is a misunderstanding. One has to *check* for advisories at least once or twice a week and only update (and reboot is necessary) if there *is* a vulnerability.
I think this contains some assumptions 1. discovering security issues in network devices is expensive (and thus only those you glean from vendor notices realistically exist) 2. downside of being affected by network device security issue is expensive I'm very skeptical if either are true. I think it's very cheap to find security issues in network devices, particularly DoS issues. And I don't think downside is expensive, maybe it's bad 4h and lot of angry customers, but ultimately not that expensive. I think lot of this is self-organising with delay around rules and justifications no one understands, and we're not upgrading often, because it's not (currently) sensible approach. -- ++ytti
Current thread:
- Re: BGP Experiment, (continued)
- Re: BGP Experiment Randy Bush (Jan 08)
- Re: BGP Experiment Job Snijders (Jan 08)
- Re: BGP Experiment Tore Anderson (Jan 08)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Saku Ytti (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Saku Ytti (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Owen DeLong (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Saku Ytti (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Saku Ytti (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- RE: BGP Experiment adamv0025 (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Owen DeLong (Jan 09)
- Re: BGP Experiment Owen DeLong (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)
- Re: BGP Experiment Töma Gavrichenkov (Jan 09)