Note to anyone selling equipment

Date December 31, 2008

ALWAYS wipe your equipment before you sell it to anyone.

This includes things like hard drives and network devices.

I can't mention any names at all, or specifics, but I ordered a couple of refurb routers a few days ago, and I was very surprised today when I saw full router configs in place, complete with IPSec settings, ACLs, and plaintext read/write SNMP strings.

Always wipe your configs before you sell the devices. Always.

Category Posted in General

2 Responses to “Note to anyone selling equipment”

  1. Kameron said:

    December 31st, 2008 at 5:12 pm

    We recently bought a used Cisco 7206VXR router off of eBay with the old config still accessible. I now have a more knowledge of a certain defense contractor's network infrastructure than they probably would approve of.

    Included were goodies such as SNMP communities, TACACS+ server hosts and keys, BGP peers/community/MD5 keys, and ip6inip tunnel information.

    It's not the first time it's happened to us, either. We've come across configs in gear from state government offices, lawyer's offices, and an online porn host.

    Good times.

  2. Matt said:

    December 31st, 2008 at 6:41 pm

    @Kameron

    wow, that's crazy. And people wonder why corporate espionage happens so often. The way I look at it, if I got these routers, someone else got similar configs, and they probably aren't as scrupulous as I am.

    Being a sysadmin requires a lot of responsibility sometimes.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


− one = 3