[AusNOG] Preparing 100s of routers for resale
Glen Turner
gdt at gdt.id.au
Fri Apr 13 10:10:52 EST 2012
The most problematic attack is someone with a programmable JTAG/bus
programmer reading out each address of the internal flash memory. These
tools are < $200. You don't know who is the final recipient of your
switch, it might be me :-) If you're too paranoid about that thought
you should be cutting the switches into tiny pieces instead.
So:
- identify onboard storage (flash:, bootflash:, nvram:, etc, etc).
You'll be surprised by the number of files holding configuration and
other private information (eg, crash dumps).
- prepare a TFTP server with cisco.com downloads of any software images
for those devices. I like to be nice to the purchaser and use the most
recent good release for the device consistent with its licensing
- for each device
- format device:
- create a file of zeroes the size of the free space on the device
(dd if=/dev/zero bs=1 count=,,, of=zero-free-space.bin)
- copy tftp://server/zero-free-space.bin device:
- format device:
- Restore the software: copy tftp://server/...img device:
- reload. If it doesn't come up with the "initial configuration dialog"
then you've done something wrong. If the device has FPGAs the reload
might take a while as the new software may cause an FPGA download to
occur.
I haven't sold anything with license keys, so I'm not sure how they
should be saved and restored across the cleansing.
Presumably those 100s of devices are the same model, so the hard work of
identifying the devices and preparing the files to erase the free space
needs to be done once.
Obviously removable storage is much easier to deal with. Eject it. Whack
into your Linux machine. Grab the device name using dmesg. Use dd
if=/dev/zero of=/dev/sd? to blow away the storage. Insert it back into
the router and format it. If I had hundreds to do I'd write a udev rule
to dd a pre-prepared image (ie, already formatted) immediately upon
inserting the flash.
-glen
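The two Linux-side pieces of the procedure above, as an added example (this is not Glen's tooling, and the sample `dir` line, file names and the /dev/sd? guard are assumptions for illustration). The point of the zero file is that `format` only rewrites the file system's metadata, so the old configs and crash dumps in the free area are still readable until something overwrites them; the helper below derives the size from the "bytes free" figure in a `dir device:` listing and builds the file in large blocks rather than with bs=1, then checks it really is all NULs before it goes on the TFTP server. Caveat a buyer-side reader of the flash would care about: this reaches only the space the file system reports free, not spare or remapped flash blocks, which is why the JTAG readout case is the one you can only answer by destroying the part. The removable-card helper adds the check you want before typing `dd ... of=/dev/sd?`: it refuses anything the kernel does not mark as a removable whole-disk block device.

```sh
#!/bin/sh
# Added example, not Glen's own tooling.  The sample `dir` line, the output
# file name and the /dev/sd? handling are assumptions for illustration.
set -u

# Constructed sample: the summary line an IOS `dir device:` prints last.
SAMPLE_DIR_LINE='65540096 bytes total (12345678 bytes free)'

# Pull the "bytes free" figure out of a `dir` summary line (empty if absent).
free_bytes() {
    printf '%s\n' "$1" | sed -n 's/.*(\([0-9][0-9]*\) bytes free).*/\1/p'
}

# Build a file of exactly $2 zero bytes at $1.  Bulk copy in 64 KiB blocks,
# then a bs=1 tail for the remainder, so a multi-MiB file is not written one
# byte at a time.  Fails unless the result has the requested size.
make_zero_file() {
    out=$1 size=$2 bs=65536
    blocks=$((size / bs)) rem=$((size % bs))
    dd if=/dev/zero of="$out" bs=$bs count=$blocks 2>/dev/null || return 1
    if [ "$rem" -gt 0 ]; then
        dd if=/dev/zero bs=1 count=$rem 2>/dev/null >>"$out" || return 1
    fi
    [ "$(wc -c <"$out" | tr -d ' ')" -eq "$size" ]
}

# True if the file contains nothing but NUL bytes: sanity check before the
# file is handed to the TFTP server.
all_zero() {
    [ "$(tr -d '\000' <"$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# True if $1 is a whole-disk block device the kernel marks removable (a card
# in a USB reader).  Guards against dd-ing over the workstation's own disk
# when the /dev/sd? letter read off dmesg is wrong.  Expects /dev/sdX, not a
# partition, since "removable" lives on the parent device in sysfs.
is_removable_block_dev() {
    dev=$1
    [ -b "$dev" ] || return 1
    [ "$(cat "/sys/class/block/$(basename "$dev")/removable" 2>/dev/null)" = 1 ]
}

# Zero a removable card end to end, then lay down a pre-prepared, already
# formatted image ($1), as in the udev-triggered approach.  The zeroing dd
# stops with ENOSPC when the card is full, so its exit status is ignored.
wipe_and_image_card() {
    img=$1 dev=$2
    is_removable_block_dev "$dev" || {
        echo "refusing: $dev is not a removable block device" >&2
        return 1
    }
    dd if=/dev/zero of="$dev" bs=1024k 2>/dev/null || true
    dd if="$img" of="$dev" bs=1024k 2>/dev/null || return 1
    sync
}

# Stand-alone run: size the file from the sample line and build it.
if [ "${1:-}" = "run" ]; then
    n=$(free_bytes "$SAMPLE_DIR_LINE")
    make_zero_file zero-free-space.bin "$n" && all_zero zero-free-space.bin \
        && echo "zero-free-space.bin: $n bytes"
fi
```

To get the hundreds-of-cards variant, a udev rule such as `ACTION=="add", KERNEL=="sd?", SUBSYSTEMS=="usb", RUN+="/usr/local/sbin/flash-wipe /dev/%k"` (path and rule are assumptions) can call `wipe_and_image_card`; note that udev kills long-running RUN programs, so the script should hand the dd off to a background job or a systemd unit rather than do the wipe inline.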