I understand that if someone works in security, their budgetary aspirations will bias them towards scaring the bejesus out of people, but Arbor Networks' ASERT posting on cisco's crafted IP attack goes beyond stupid.

"I know that people in ISP operations groups are sweating this,"
-- Jose Nazario

Hello??? What major ISP uses cisco across the board anymore? Being multi-homed makes as much sense for purchasing hardware as it does for purchasing transit (or peering). On top of that, ISP management knows that ISP engineers have had to ACL ciscos before to handle 0-day cisco attacks. It pays to have a multi-vendor architecture (unless you are configuring routers by hand).

Besides, no matter how much hair you pull out, ciscos or junipers or whatever will always have security issues.

Given this omnipresent uncertainty, ISP ops are *always* either:

  1. running around and sweating these issues, or
  2. just doing their jobs and tasks.

Any ISP worth working at keeps things calm in the NOC, because that ISP knows that more "hair-pulling" means more errors and more customers with "temporary connectivity issues". We already know to poll our vendors for updates. We already know to monitor our networks for out-of-character changes in network flows. Just let us do our damn jobs.
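The "out-of-character changes in network flows" check mentioned above, as an added example that is not part of the original post and not Arbor's or Cisco's code. It assumes NetFlow-style records already reduced to (bucket, IP protocol, packet count) tuples for one interface; the sample records below are constructed, with a baseline period followed by one bucket in which ICMP surges and an IP protocol never seen before shows up. The protocol numbers, thresholds and bucket size are illustrative assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (bucket_index, ip_protocol, packet_count) for one
# interface in 5-minute buckets. Buckets 0-5 are the baseline period.
SAMPLE_FLOWS = [
    (0, 6, 9800), (0, 17, 2000), (0, 1, 50),
    (1, 6, 10100), (1, 17, 2100), (1, 1, 60),
    (2, 6, 9900), (2, 17, 1950), (2, 1, 55),
    (3, 6, 10200), (3, 17, 2050), (3, 1, 45),
    (4, 6, 10050), (4, 17, 2000), (4, 1, 50),
    (5, 6, 9950), (5, 17, 1900), (5, 1, 40),
    # Bucket 6: ICMP jumps 18x and an IP protocol never seen before appears.
    (6, 6, 10000), (6, 17, 2000), (6, 1, 900), (6, 103, 400),
]


def bucket_counts(records):
    """Aggregate records into {bucket: {protocol: packets}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for bucket, proto, packets in records:
        counts[bucket][proto] += packets
    return counts


def baseline(history):
    """Per-protocol (mean, sigma) over the baseline buckets.

    A protocol absent from a bucket counts as 0 there. Sigma is floored at
    10% of the mean so a perfectly flat history does not turn tiny jitter
    into alerts (assumed floor; tune to the link).
    """
    protos = set().union(*(b.keys() for b in history))
    base = {}
    for proto in protos:
        series = [b.get(proto, 0) for b in history]
        mu = mean(series)
        sigma = max(pstdev(series), 0.1 * mu)
        base[proto] = (mu, sigma)
    return base


def anomalies(current, base, min_packets=100, z_thresh=3.0):
    """Return [(protocol, packets, reason)] for protocols whose volume in the
    current bucket is out of character versus the baseline.

    Three cases are handled: a protocol with no baseline at all (flagged once
    it carries real volume), a surge, and a drop (a protocol that vanishes
    entirely, e.g. an interface that stopped forwarding).
    """
    flagged = []
    for proto in sorted(set(current) | set(base)):
        packets = current.get(proto, 0)
        if proto not in base:
            if packets >= min_packets:
                flagged.append((proto, packets, "unseen protocol"))
            continue
        mu, sigma = base[proto]
        z = (packets - mu) / sigma if sigma > 0 else 0.0
        if abs(z) >= z_thresh:
            direction = "surge" if z > 0 else "drop"
            flagged.append((proto, packets,
                            f"{direction} z={z:.1f} baseline={mu:.0f}"))
    return flagged


def check_latest(records, baseline_buckets):
    """Build the baseline from the first `baseline_buckets` buckets and
    check the newest bucket against it."""
    counts = bucket_counts(records)
    ordered = sorted(counts)
    history = [counts[b] for b in ordered[:baseline_buckets]]
    return anomalies(counts[ordered[-1]], baseline(history))


if __name__ == "__main__":
    for proto, packets, reason in check_latest(SAMPLE_FLOWS, 6):
        print(f"proto {proto}: {packets} packets, {reason}")
```

Run as-is it reports the ICMP surge and the unseen protocol 103 and stays quiet about TCP and UDP, which is the point: a NOC wants a short, specific list it can act on (drop an ACL in, open a vendor case), not a general alarm.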