[AusNOG] Bouncing Cisco Equipment and "Smart Install"

Mark Foster blakjak at blakjak.net
Wed May 9 16:55:47 EST 2018


You don't specifically mention https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi which I assume you're aware of?

On 9 May 2018 4:21:20 PM NZST, "Michael J. Carmody" <michael at opusv.com.au> wrote:
>Hey All,
>
>Just a feeler to see if anyone else is seeing this.
>
>We have some Cisco switches we use as Layer 2/3 NTU's to talk to client
>equipment on the far ends of fibre links.
>
>As of yesterday morning, all of these switches started a roughly 1-2
>hour reboot outage.
>
>All smartnet'ed, running latest recommended stable from cisco, and
>nothing in the logs other than a hard reset just occurred.
>
>We have been additionally hardening the exposure of various interfaces
>(attacks were captured coming from resi ISP looking .mx domains), and
>it appears the one that has stopped the rot is disabling the "Smart
>Install" feature with a "no vstack" command, reload config from out
>config store and back to work...
>
>TBH I didn't even know this protocol existed... a non-authenticated, on
>by default protocol that allows you to configure and image deploy on
>network equipment.
>
>Like, its our own fault, but what the hell is this doing on by default?
>
>Anyone else with Cisco or "Smart Install" equipment seeing an uptick in
>scanning/poking activity?
>
>-Michael Carmody
>
>(Ref:
>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi
>)

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180509/e057184c/attachment.html>


More information about the AusNOG mailing list