[AusNOG] Preparing 100s of routers for resale
tom at snnap.net
Thu Apr 12 20:43:55 EST 2012
I suppose you could always try to do some destructive writes. Generate
some files from /dev/random that are the same size as the free space
on nvram: or flash: etc and copy them over. That should hopefully
overwrite any evidence of any files that might have existed. :-)

I know it's possible to use SNMP to tell a router to download
configuration via TFTP and store it to startup-config, so maybe you
could make a large, bogus MOTD or something and use that to overwrite
nvram:, followed by deleting startup-config.

Some of this could probably be scripted with an expect script or
similar running via the serial port. It might take a little time to
work it out and get it right initially, but once up and running,
imagine the time it could save you having to do this over hundreds of
On 12 April 2012 10:51, Karl Auer <kauer at biplane.com.au> wrote:
> On Thu, 2012-04-12 at 09:12 +0100, Tom Storey wrote:
>> Also make sure to check flash: nvram: et al to make sure there aren't
>> "backup" copies of configs floating around.
>
> When one erases flash/nvram in a Cisco router, or just deletes files off
> it, is the data really gone? I have recovered allegedly deleted files
> off all sorts of media, and even from formatted drives. I haven't tried
> it off a Cisco switch or router.
>
> It seems likely to me that long term storage devices in routers and
> switches will retain most, and possibly all, of their data in a
> recoverable or largely recoverable state unless explicit steps are taken
> to overwrite it.
>
> Maybe it would be a good idea to prepare a large file of random data and
> write it to any long term storage devices at some point. Filling the
> device with random data would probably leave a little structural info
> untouched (directory entries and suchlike) but should obliterate most
> actual data.
>
> Since the flash memory in such devices is usually removable without much
> difficulty, it might be possible to shred the data more conveniently
> (and probably faster and more effectively) by putting it into a card
> read/writer of some sort.
>
> On the other hand, I could be wrong.
>
> Regards, K.
>
> Karl Auer (kauer at biplane.com.au)
> GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
> Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
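The fill-file idea from the thread, as an added example that is not part of the original posts: read the free byte count from a `dir flash:` style summary line and generate a random file of exactly that size on the workstation, ready to copy to the device. Assumptions: the `dir` output below is constructed, the function names are hypothetical, and `/dev/urandom` is used in place of `/dev/random` so generation does not block.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_DIR_OUTPUT is constructed and
# modelled on the summary line printed at the end of "dir flash:".
SAMPLE_DIR_OUTPUT='Directory of flash:/

    1  -rw-     1048576  Apr 12 2012 10:00:00 +00:00  example-image.bin

2097152 bytes total (1048576 bytes free)'

# Extract M from the "N bytes total (M bytes free)" summary line.
free_bytes() {
    printf '%s\n' "$1" \
        | sed -n 's/.*(\([0-9][0-9]*\) bytes free).*/\1/p' \
        | tail -n 1
}

# Write exactly $2 bytes of random data to file $1.
# Rejects an empty or non-numeric size so a failed parse cannot
# silently produce a zero-length "wipe" file.
make_fill_file() {
    out=$1
    size=$2
    case $size in
        ''|*[!0-9]*) echo "bad size: '$size'" >&2; return 1 ;;
    esac
    head -c "$size" /dev/urandom > "$out"
}

# Size of a file in bytes, without the padding some wc builds add.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Demo: size a fill file from the sample output, report it, clean up.
tmp=$(mktemp)
n=$(free_bytes "$SAMPLE_DIR_OUTPUT")
if make_fill_file "$tmp" "$n"; then
    echo "wrote $(file_size "$tmp") random bytes to $tmp"
fi
rm -f "$tmp"
```

Running `dir` again after the copy and confirming the free count has dropped to near zero is the check that the fill actually landed; as noted in the quoted message, directory entries and similar structures are not covered by this approach.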