Re: Saying goodnight to my GSR
Well, I think it was just blind fear talking. Properly configured, it is less a security issue than newer devices. Pretty impressive from Matthew to have the patience/skills to not simply reload that fridge over the years. On 09/20/14 16:25, Keith Medcalf wrote: And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
RE: Saying goodnight to my GSR
Got you beat by nine weeks with a Foundry 9604. :-) #sh ver SW: Version 03.3.01aTc1 Copyright (c) 1996-2004 Foundry Networks, Inc. Compiled on Feb 01 2005 at 11:21:12 labeled as FES03301a (2057881 bytes) from Primary foundry-FES/FES03301a.bin Boot Monitor: Version 03.2.00Tc4 HW: Stackable FES9604 == Serial #: 330 MHz Power PC processor 8245 (version 129/1014) 66 MHz bus 512 KB boot flash memory 16384 KB code flash memory 128 MB DRAM The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 The system : started=warm start reloaded=by reload Poor thing just handles traffic for managed power strips and we haven't had the heart to replace it lol. David -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: Saying goodnight to my GSR
On Mon, 22 Sep 2014, David Hubbard wrote: Got you beat by nine weeks with a Foundry 9604. :-) I might have a Cat5505 or two on our out-of-band management network with uptimes that approach this. jms #sh ver SW: Version 03.3.01aTc1 Copyright (c) 1996-2004 Foundry Networks, Inc. Compiled on Feb 01 2005 at 11:21:12 labeled as FES03301a (2057881 bytes) from Primary foundry-FES/FES03301a.bin Boot Monitor: Version 03.2.00Tc4 HW: Stackable FES9604 == Serial #: 330 MHz Power PC processor 8245 (version 129/1014) 66 MHz bus 512 KB boot flash memory 16384 KB code flash memory 128 MB DRAM The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 The system : started=warm start reloaded=by reload Poor thing just handles traffic for managed power strips and we haven't had the heart to replace it lol. David -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: Saying goodnight to my GSR
The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: Saying goodnight to my GSR
They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
RE: Saying goodnight to my GSR
On Mon, 22 Sep 2014, Jim Devane wrote: They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ Reminds me of a kegerator I saw many moons ago, made out of a hollowed-out Wellfleet BCN ;) jms -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
Re: Saying goodnight to my GSR
Ha! I'd say that's an upgrade for the BCN! ;-) I still have nightmares about Site Mangler, and conflicting versions between it and the BCN/BLNs. Ken On Mon, Sep 22, 2014 at 10:07 AM, Justin M. Streiner strei...@cluebyfour.org wrote: On Mon, 22 Sep 2014, Jim Devane wrote: They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ Reminds me of a kegerator I saw many moons ago, made out of a hollowed-out Wellfleet BCN ;) jms -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
Re: Saying goodnight to my GSR
On 9/22/2014 06:38, Alain Hebert wrote: Properly configured, it is less a security issue than newer devices. Pretty impressive from Matthew to have the patience/skills to not simply reload that fridge over the years. Whew! I was afraid I was the one who thought so anymore. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Saying goodnight to my GSR
On 9/22/2014 08:35, David Hubbard wrote: Got you beat by nine weeks with a Foundry 9604. :-) The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 That's the kind of waving I like to see. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Saying goodnight to my GSR
On 20/09/14 20:26, Jared Mauch wrote: OpenSNMPProject has some of this data for devices that respond to the string ‘public’. Lots of old stuff out there. That might make for quite an interesting talk, Jared. :) -- Tom
Re: Saying goodnight to my GSR
On 2014-09-20 16:18, Matthew Crocker wrote: [..] IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) [..] gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Thank you for finally taking a vulnerable system of the Internet! Greets, Jeroen
Re: Saying goodnight to my GSR
On Sep 20, 2014, at 10:18 AM, Matthew Crocker matt...@corp.crocker.com wrote about his old router: SNIP/ gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 SNIP/ Matt, Wow. You have amazing power reliability! Want to tell us your secret? Regards. James R. Cutler james.cut...@consultant.com PGP keys at http://pgp.mit.edu signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Saying goodnight to my GSR
-48VDC. On Sep 20, 2014, at 10:58 AM, James R Cutler james.cut...@consultant.com wrote: On Sep 20, 2014, at 10:18 AM, Matthew Crocker matt...@corp.crocker.com wrote about his old router: SNIP/ gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 SNIP/ Matt, Wow. You have amazing power reliability! Want to tell us your secret? Regards. James R. Cutler james.cut...@consultant.com PGP keys at http://pgp.mit.edu
Re: Saying goodnight to my GSR
So when was the last time you patched this internet facing device? On Sep 20, 2014 7:12 PM, Matthew S. Crocker matt...@corp.crocker.com wrote: -48VDC. On Sep 20, 2014, at 10:58 AM, James R Cutler james.cut...@consultant.com wrote: On Sep 20, 2014, at 10:18 AM, Matthew Crocker matt...@corp.crocker.com wrote about his old router: SNIP/ gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 SNIP/ Matt, Wow. You have amazing power reliability! Want to tell us your secret? Regards. James R. Cutler james.cut...@consultant.com PGP keys at http://pgp.mit.edu
Re: Saying goodnight to my GSR
OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
On Sep 20, 2014, at 10:37, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Sunday sept 4 2005? Seems like a good run. If it hasn't been rooted or fallen over since then it's apparently pretty secure... On Sep 20, 2014 7:12 PM, Matthew S. Crocker matt...@corp.crocker.com wrote: -48VDC. On Sep 20, 2014, at 10:58 AM, James R Cutler james.cut...@consultant.com wrote: On Sep 20, 2014, at 10:18 AM, Matthew Crocker matt...@corp.crocker.com wrote about his old router: SNIP/ gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 SNIP/ Matt, Wow. You have amazing power reliability! Want to tell us your secret? Regards. James R. Cutler james.cut...@consultant.com PGP keys at http://pgp.mit.edu
Re: Saying goodnight to my GSR
On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
On Sep 20, 2014, at 1:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? OpenSNMPProject has some of this data for devices that respond to the string ‘public’. Lots of old stuff out there. - Jared
RE: Saying goodnight to my GSR
And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
And what, exactly, is it vulnerable to? Most of these, I'd imagine: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html On 20 September 2014 14:25, Keith Medcalf kmedc...@dessus.com wrote: And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
On (2014-09-20 14:25 -0600), Keith Medcalf wrote: And what, exactly, is it vulnerable to? Fair question. Felix Lindner has shown some ~0 budget attacks on IOS. But I'm not sure if there actually are known attack vectors for properly secured system (iACL, rACL in this case) Crash bugs are there probably, but those are likely in every release and some motivation + lab time might yield success DoS attack on platform, and if you're L2 connected to a router, most are DoSable anyhow, regardless of version. Personally, I wouldn't be too worried about this. If I were, I wouldn't dare to run any commercially or otherwise available networking operating system, they all have terrible history in terms of software reliability against attacks. But there appears to be no actual business-case for security, if we look at fortune500 companies who have been thoroughly pwned, it has not impacted their market cap. Public sector, including military are happy to buy 'audited' network connection from commercial companies running commercial systems, which all certainly are pwnable with extremely modest budget, regardless how new release they are running. -- ++ytti
RE: Saying goodnight to my GSR
I do not see any vulnerabilities listed there. Only documentation of behavioral bugs, caveats, and restrictions. A vulnerability would be something like the one Microsoft introduced into all versions of the Windows IP stack after Windows 2003 and Windows XP wherein the Operating System will execute the payload of an IP packet with SYSTEM authority and SYSTEM integrity when a crafted IP packet is received in which a certain combination of invalid and reserved header bits are set. -Original Message- From: Ruairi Carroll [mailto:ruairi.carr...@gmail.com] Sent: Saturday, 20 September, 2014 14:57 To: Keith Medcalf Cc: Daniel Sterling; Bacon Zombie; nanog@nanog.org Subject: Re: Saying goodnight to my GSR And what, exactly, is it vulnerable to? Most of these, I'd imagine: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html On 20 September 2014 14:25, Keith Medcalf kmedc...@dessus.com wrote: And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
Re: Saying goodnight to my GSR
- Original Message - From: Matthew Crocker matt...@corp.crocker.com Has been running for a while, time to shut ‘er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. Please tell me her nodename is 'gracie'. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
