Contact for va.gov

Yes, two in one day. Wholesalers don't wipe device configs, apparently.

Anyways, would a technical contact for va.gov please contact me off-list?

Best Regards,
Nathan Eisenberg

Wouldn't the world be a better place if the ARIN contact information
was correct and usable? It would be nice to have an easy place for
these types of requests. I guess maybe this list is that place.

I pinged a buddy of mine at the VA. No word yet and I'm working from Sydney this week so a bit delayed anyhow...

Josh

Is tracking down the original user and letting them know about the
config leak a standard practice, necessary or "the right thing to do"?

I've always just wiped flash and carried on.

It would be far more effective if more organizations set up and maintained a slash-security page (see the NIAC Vulnerability Disclosure Framework for details). This is _exactly_ the kind of information that should be posted there.

        Jim

Is tracking down the original user and letting them know about the
config leak a standard practice, necessary or "the right thing to do"?

Municipal networks often provide some emergency services, and we all know what the VA provides. Once you know whose gear it is, I guess you have to decide if you'd be willing to have a little bit of that organization's (or their patrons') blood on your hands.

Especially in the case of the VA, for me, the answer is 'hell no'. If it was "Joe's defunct sprocket startup", I'd likely just format flash: and move on.

Nathan

A few months back I had exactly this situation - I bought a switch off eBay that was still loaded with its config, and it had come from yahoo.com. Now, I am the good netizen and I flagged them about this and was able to help them find the source, and I assume they 'fixed' this leak. The data in the fig file could have been (mis)used to Yahoo's network security disadvantage, and wherever you stand I think we all can agree that cluing them in was the right thing to do. But for someone else's startup, I probably would not have bothered.

Mike-