[AusNOG] Preparing 100s of routers for resale

Tom.Minchin at csiro.au Tom.Minchin at csiro.au
Thu Apr 12 20:52:19 EST 2012


Depends how paranoid you are and how well the device and CF card level the wear - might have to write a very long config or numerous random files until you were sure every block had been overwritten.

If the CF cards are removable and you are the outgoing customer I'd see if it was more cost effective to remove them all and sell it without a card (or buy generic blank CF cards to insert).

May just be easier to change the default passwords on the network gear that remains behind...


----- Original Message -----
From: Tom Storey [mailto:tom at snnap.net]
Sent: Thursday, April 12, 2012 08:43 PM
To: Karl Auer <kauer at biplane.com.au>
Cc: ausnog at lists.ausnog.net <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Preparing 100s of routers for resale

I suppose you could always try to do some destructive writes. Generate
some files from /dev/random that are the same size as the free space
on nvram: or flash: etc and copy them over. That should hopefully
overwrite any evidence of any files that might have existed. :-)

I know it's possible to use SNMP to tell a router to download
configuration via TFTP and store it to startup-config, so maybe you
could make a large, bogus MOTD or something and use that to overwrite
nvram:, followed by deleting startup-config.

Some of this could probably be scripted with an expect script or
similar running via the serial port. It might take a little time to
work it out and get it right initially, but once up and running,
imagine the time it could save you having to do this over hundreds of
devices...

Tom


On 12 April 2012 10:51, Karl Auer <kauer at biplane.com.au> wrote:
> On Thu, 2012-04-12 at 09:12 +0100, Tom Storey wrote:
>> Also make sure to check flash: nvram: et al to make sure there aren't
>> "backup" copies of configs floating around.
>
> When one erases flash/nvram in a Cisco router, or just deletes files off
> it, is the data really gone? I have recovered allegedly deleted files
> off all sorts of media, and even from formatted drives. I haven't tried
> it off a Cisco switch or router.
>
> It seems likely to me that long term storage devices in routers and
> switches will retain most, and possibly all, of their data in a
> recoverable or largely recoverable state unless explicit steps are taken
> to overwrite it.
>
> Maybe it would be a good idea to prepare a large file of random data and
> write it to any long term storage devices at some point. Filling the
> device with random data would probably leave a little structural info
> untouched (directory entries and suchlike) but should obliterate most
> actual data.
>
> Since the flash memory in such devices is usually removable without much
> difficulty, it might be possible to shred the data more conveniently
> (and probably faster and more effectively) by putting it into a card
> reader/writer of some sort.
>
> On the other hand, I could be wrong.
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)
> http://www.biplane.com.au/kauer
>
> GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
> Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
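An added example, not part of the original thread: one way to carry out the "put the card in a reader and overwrite it" idea discussed above from a Linux shell, followed by a check that known strings from the old config are no longer readable. The function names, the sample marker strings and the use of a raw image file as a stand-in for the card are assumptions made for illustration.

```shell
#!/bin/sh
# ASSUMPTIONS: the target is a CF card seen through a card reader (a block
# device such as /dev/sdX) or a raw image file; the marker strings are
# constructed samples of text an old router config might contain.

# Size in bytes of a block device or regular file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else echo $(( $(wc -c < "$1") )); fi
}

# Overwrite every logical block with random data, $2 times (default 1).
# Caveat raised in the thread: a wear-levelling controller may keep old data
# in spare blocks that no logical write reaches.
wipe_target() {
    size=$(target_size "$1") || return 1
    [ "$size" -gt 0 ] || return 1
    pass=0
    while [ "$pass" -lt "${2:-1}" ]; do
        head -c "$size" /dev/urandom |
            dd of="$1" bs=1048576 conv=notrunc 2>/dev/null || return 1
        pass=$((pass + 1))
    done
    sync
}

# Count lines in the raw target that still contain any given marker string.
residual_hits() {
    target=$1; shift; hits=0
    for marker in "$@"; do
        n=$(LC_ALL=C grep -a -c -F -e "$marker" "$target" || true)
        hits=$((hits + ${n:-0}))
    done
    echo "$hits"
}

# Demo on a constructed 1 MiB image standing in for a card.
demo() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/zero > "$img"
    printf 'hostname edge-rtr-01\nenable secret 5 CONSTRUCTED\n' |
        dd of="$img" bs=512 seek=100 conv=notrunc 2>/dev/null
    echo "before: $(residual_hits "$img" 'hostname edge-rtr-01' 'enable secret')"
    wipe_target "$img" 2
    echo "after:  $(residual_hits "$img" 'hostname edge-rtr-01' 'enable secret')"
    rm -f "$img"
}

# With an argument, wipe that target; without one, run the demo.
if [ "$#" -ge 1 ]; then wipe_target "$1" "${2:-1}"; else demo; fi
```

A zero count from `residual_hits` only shows that the logical address range no longer returns those strings; it says nothing about blocks the card's controller has remapped.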