I think it's important, as a service provider, to promptly inform your
customers and affected networks of issues like this. And this isn't just an
Exodus issue. There are a number of providers that simply ignore requests
for information or are very slow about propagating exploit details quickly
enough to matter. While they're not a provider, you can send a detailed
exploit to CERT and then wait months before they get around to letting other
folks know about the problem. And that's from an entity that supposedly
exists to propagate useful information to prevent exploits....In the
meantime, affected systems fall like flies. It's fortunate that venues like
NANOG and BUQTRAQ are around to disseminate this type of information in a
timeframe more useful to us all.
And back to the subject matter....I have no doubt that Exodus was working on
the problem. It just would have been nice to be informed by *anyone*
official there in a timely manner of the problem. That's both from a
customer's standpoint, and the Internet at large.
Chris
Chris Mauritz
Director, Systems Administration
Rare Medium, Inc.
chrism@raremedium.com