Cisco vulnerability and dangerous filtering techniques

Just a handful of traceroutes would give it enough information to start
at a major backbone and work back towards itself.

I guess all folks with Ph.D. at Akamai really are paid for nothing if a
virus could calculate that with a few traceroutes.

Akamai is a business and has customers paying for its service, therefore
they must attempt to get the best answer every time. But a virus can live
with sub-optimal results as long as it does well enough to keep
propagating and keep wreaking havoc. In fact, the virus writer might
prefer that it does not shut down the entire Internet in one grand orgy of
destruction because if that happens, there is too much incentive for
police to identify the individuals concerned.

The fact is that the idea has now been expressed in public. This almost
guarantees that there are now multiple teams of virus writers working on
incorporating these ideas into their creations.

P.S. The only sure way of eradicating this Cisco bug from the Internet is
to convert the Internet to IPv6. The bug doesn't affect Cisco's IPv6 code
and older routers whose IOS cannot be upgraded also cannot do IPv6 so they
cannot be used in an IPv6 Internet. Food for thought...

--Michael Dillon

Right, because the IPv6 code is guaranteed to have no bugs of its own.