IOS Rookit: the sky isn't falling (yet)

Date: Tue, 27 May 2008 15:46:34 -0400 (EDT)
From: Sean Donelan <>

> Are you buying directly from cisco or from resellers? If you are getting
> counterfeit hardware directly from cisco then I guess we have real problems.

According to the FBI presentation, which may not be a reliable source
for this topic, Cisco has very few "direct" customers.

Even if you think you are ordering "direct" from Cisco, e.g., the order seems to get forwarded to several primary Cisco
resellers and the hardware shipped via a reseller. Even most resellers
buy their Cisco products from a primary reseller or a secondary reseller,
not direct from Cisco.

The FBI presentation did note that a few US Cisco customers, such as some
unnamed large US telcos and unnamed intelligence agencies, do order and
ship directly from Cisco.

A lot of folks order from a reseller and Cisco ships directly. This is
true for many section 8a resellers when selling to organizations under
those purchasing mandates...anyone spending federal $$$. I suspect some
states have similar requirements. (Section 8a gives preference to small,
minority owned, and disadvantaged businesses.)

In any case, the reseller never sees this equipment. I am unclear on how
common this is in the non-8a part of the world, but I suspect a lot of
folks get their stuff direct from Cisco (or Juniper, for that matter),
even though they buy from a reseller, if they are buying bigger boxes
that small resellers are unlikely to stock.