Re: beware: being old sucks

[Randy Bush via NANOG <nanog () lists nanog org>]

a fellow nanogger wrote:

> I've only *just* gotten to the note from a week or more ago.
>
> >     + tftp-server nvram:startup-config          <<<<<<======
> >       snmp-server community foo 98
> >       snmp-server trap-source Vlan1
> >       snmp-server location Ashburn VA US
>
> I, too, got this from a RANCID setup I built a long time ago.
>
> > and here is the talos report, thanks joe
> >
> >    https://blog.talosintelligence.com/static-tundra/
> >
> > set `no vstack` in config.  no, that is not the default.
>
> I'd told the owner that I didn't think he had control of his gear
> anymore, but this helped me to convince him to put a new switch in.

moving this to nanog because i did not elaborate on a critical point.

when you get this, presume the config of this trivial ancient devic has
been snatched.  did the device have any burned in users, a la

     username foo privilege 15 password 7 bar

and that uid/pass is used on other, presumably more modern, devices,
you need to change the passwords everywhere.

same for other credentials, snmp, bgpmd5, ...

randy
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/HJ64BOPTJ75K3EX5AEHR4E4LW5OZEEQG/