Heartbleed Bug Found in Cisco Routers, Juniper Gear

http://online.wsj.com/news/articles/SB10001424052702303873604579493963847851346

Glen

Slightly sensationalistic article, tends to imply that heartbleed will
allow you to capture data-plane traffic on any piece of Cisco/Juniper kit.

Either way, as I've said before, if you're exposing *any* management
interfaces, be it ssh, netconf or https, to the internet in general, you've
got bigger issues than just heartbleed.

VPN, on the other hand, is a totally different world of pain for this issue.

/ruairi

Either way, as I've said before, if you're exposing *any* management
interfaces, be it ssh, netconf or https, to the internet in general, you've
got bigger issues than just heartbleed.

Sure, I agree.

VPN, on the other hand, is a totally different world of pain for this
issue.

What about VPNs?

Glen

Suppose you have an existing server closet. You want to split it so that two different organizations can have access to it. Separate doors and a divider in the middle. Does anyone make kit for this for hosting centers?

Thanks,
Hank

Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread.

Instead, save the list address and start a completely new message.

hope this helps,

Doug

SSL VPNs could possibly be vulnerable.

Divided into vertical sections, it requires a new set of hinges and doors and lock slots front and rear, as well as solid shelves between the sections. Think about it for a moment, or go visit your nearest colocation center and ask to see a 1/2 or 1/3 rack. I actually have a 1/3 rack at one of my POPs.

Start with your cabinet manufacturer. I've seen 1/2 racks, 1/3 racks, and 1/4 racks in a full 84" enclosure.

Didn't Cisco already release a bunch of updates related to AnyConnect and heartbleed?

Cheers,
Harry

There were AnyConnect for iOS (little "i", not big "I") issues with
heartbleed, but everything else has been mostly phone and UCS related.
IOS XE is affected if you have enabled the https:// administrative
interface. Otherwise no (at least not yet, they're still checking).

There were, however, four separate security issues released this week
that affected SSL VPN, AnyConnect, and ASAs (I had to patch our ASAs
even though we do not do SSL VPN or AnyConnect; there is a DoS attack
possible via SIP).