Many of you already know that we had two outages in March, one that was about an hour long, and another that was 4 hours long. These outages, at first, appeared to be the result of administrative incompetence. When the second attack occured, though, we soon realized that this was the result of a sophisticated exploit on a bug in the Cisco IOS used to manage our BGP routers.
CERT issued a vulnerability notice on March 27, 2008. You can read it here (VU936177).
Since this IOS update release, the attacks have been successfully managed and we are regaining our confidence in our colocation partners.
This type of attack can affect any ISP in any part of the world. For that reason, we are carefully screening our backup ISP providers to ensure that they have the proper updates applied to their infrastructure. We can't afford to subject our customers to another one of these attacks when it can be prevented with a bug fix to software.
We are working to expand our reliability infrastructure and provide outstanding service to all of our customers. Our screening process does take time, though, and we need to make sure that our decision does not adversely affect the distributed information sharing that all of our customers require.