Understanding the Cisco IOS XR Vulnerability: CVE-2025-20115
https://thedefendopsdiaries.com/understanding-the-cisco-ios-xr-vulnerability-cve-2025-20115/
Understanding the Cisco IOS XR Vulnerability: CVE-2025-20115
https://thedefendopsdiaries.com/understanding-the-cisco-ios-xr-vulnerability-cve-2025-20115/
Annual reminder: I'm running various free projects for networking community - BGP feeds with bogons, FlowSpec, geo information for country filtering, full IPv4/IPv6 global table, RPKI RSes and AS112 sinkholes. All documented here: https://lukasz.bromirski.net/projects/ #bgp #as112 #anycast #freebsd #iosxr #xrv9000 #pushdastuff
Even seasoned network engineers can make mistakes. Mistakes are good, they make us learn things and remind we should stay humble. And if you waste hours troubleshooting... you write a post ;) https://lukasz.bromirski.net/post/xr-route-internal/ #iosxr #routing
Doing geoblocking is generally doing 'security by building false sense of it'. However, sometimes somebody forces you to do it anyway. If you know what you're doing, take a look here - any feedback on this is great! https://lukasz.bromirski.net/bgp-geo-blackholing/ #bgp #geoblocking #iosxr #pushdastuff
If You want to experiment with BGP FlowSpec on your router, there's alpha version of my BGP Blackholing FlowSpec server at 85.232.240.180 & 2001:1a68:2c:2::180. You'll get 1345 IPv4 FlowSpec AF prefixes and 45 in IPv6 FlowSpec AF. The rest of configuration is the same as in main project: https://lukasz.bromirski.net/bgp-blackholing/ Please ping me directly and share your feedback (with your platform details if possible - thanks!) #iosxr #pushdastuff #bgp #blackholing
You *may* have noticed small disturbance of the force with regards to BGP Full Feed and BGP Blackholing projects. That's because over last two nights I migrated all infra to... this ;) #iosxr #xrv9000 #pushdastuff
Logging to IOS XR using SSH keys - 7.0+ edition howto: lukasz.bromirski.net/post/ios-xr-au… #iosxr #ssh #openssh #hardening #security #pushdastuff