[AusNOG] Preparing 100s of routers for resale

Andrew Jones aj at jonesy.com.au
Fri Apr 13 12:01:50 EST 2012


Just use misdirection: build and apply a legit-looking but boring config
to make the recipient think that the device wasn't wiped. For bonus points,
use IP addresses in the config that are set up on a honeypot machine
somewhere to see who comes poking around.
-Jonesy


On Fri, 13 Apr 2012 09:40:52 +0930, Glen Turner <gdt at gdt.id.au> wrote:
> The most problematic attack is someone with a programmable JTAG/bus
> programmer reading out each address of the internal flash memory. These
> tools are < $200. You don't know who is the final recipient of your
> switch, it might be me :-)  If you're too paranoid about that thought
> you should be cutting the switches into tiny pieces instead.
> 
> So:
>  - identify onboard storage (flash:, bootflash:, nvram:, etc, etc).
> You'll be surprised by the number of files holding configuration and
> other private information (eg, crash dumps).
> 
>  - prepare a TFTP server with cisco.com downloads of any software images
> for those devices. I like to be nice to the purchaser and use the most
> recent good release for the device consistent with its licensing.
> 
>  - for each device
> 
>    - format device:
> 
>    - create a file of zeroes the size of the free space on the device
> (dd if=/dev/zero bs=1 count=,,, of=zero-free-space.bin)
> 
>    - copy tftp://server/zero-free-space.bin device:
> 
>    - format device:
> 
>    - Restore the software: copy tftp://server/...img device:
> 
>  - reload. If it doesn't come up with the "initial configuration dialog"
> then you've done something wrong. If the device has FPGAs the reload
> might take a while as the new software may cause an FPGA download to
> occur.
> 
> I haven't sold anything with license keys, so I'm not sure how they
> should be saved and restored across the cleansing.
> 
> Presumably those 100s of devices are the same model, so the hard work of
> identifying the devices and preparing the files to erase the free space
> needs to be done once.
> 
> 
> Obviously removable storage is much easier to deal with. Eject it. Whack
> into your Linux machine. Grab the device name using dmesg. Use dd
> if=/dev/zero of=/dev/sd? to blow away the storage. Insert it back into
> the router and format it. If I had hundreds to do I'd write a udev rule
> to dd a pre-prepared image (ie, already formatted) immediately upon
> inserting the flash.
> 
> -glen
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
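
Added example, not part of the original posts: shell helpers for the steps Glen describes. They build the zero-fill file for a given free-space byte count and verify by read-back that a wiped card or file holds only zeroes. The function names are hypothetical, and the removable-device guard assumes Linux sysfs.

```shell
#!/bin/sh
# Added example: sanitisation helpers for the procedure in the thread.
# Function names and sizes are hypothetical, not from the original posts.

# Create a file of exactly $1 zero bytes at $2. Uses 1 MiB blocks plus one
# remainder block, which is far faster than bs=1 for flash-sized files.
make_zero_file() {
    mz_bytes=$1; mz_out=$2; mz_blk=1048576
    mz_full=$((mz_bytes / mz_blk)); mz_rest=$((mz_bytes % mz_blk))
    : > "$mz_out" || return 1
    if [ "$mz_full" -gt 0 ]; then
        dd if=/dev/zero of="$mz_out" bs="$mz_blk" count="$mz_full" 2>/dev/null || return 1
    fi
    if [ "$mz_rest" -gt 0 ]; then
        dd if=/dev/zero bs="$mz_rest" count=1 2>/dev/null >> "$mz_out" || return 1
    fi
    # Confirm the size, since the device's free-space figure must match exactly.
    [ "$(wc -c < "$mz_out" | tr -d ' ')" -eq "$mz_bytes" ]
}

# Count the bytes in a file or block device that are not 0x00.
nonzero_bytes() { tr -d '\000' < "$1" | wc -c | tr -d ' '; }

# Succeeds only when every byte read back is zero.
is_all_zero() { [ "$(nonzero_bytes "$1")" -eq 0 ]; }

# Zero a removable card and verify by reading it back. Refuses anything that
# is not a whole block device flagged removable in Linux sysfs, so a typo in
# the device name cannot take out a fixed disk.
wipe_card() {
    card_dev=$1; card_name=${card_dev##*/}
    [ -b "$card_dev" ] ||
        { echo "refusing: $card_dev is not a block device" >&2; return 2; }
    [ "$(cat "/sys/block/$card_name/removable" 2>/dev/null)" = 1 ] ||
        { echo "refusing: $card_dev is not marked removable" >&2; return 2; }
    # dd ends with "No space left on device" when it reaches the end of the
    # card, so its exit status is ignored; the read-back decides success.
    dd if=/dev/zero of="$card_dev" bs=1048576 2>/dev/null || true
    sync
    is_all_zero "$card_dev"
}
```

A zero read-back through the block layer shows the host-visible sectors are clean; it says nothing about spare blocks a flash controller keeps out of view.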


