"Smart" hands around Dulles airport / northern VA.

Warren Kumari warren at kumari.net
Sat Jan 17 12:41:17 CST 2009


On Jan 17, 2009, at 10:37 AM, Jim Willis wrote:

> "FAQ:
> Q: What!  Are you crazy? I'd never let a stranger into my cage!
> A: Huh, neither would I, but some people are less paranoid than us  
> and / or know and trust me."
>
>   I wouldn't allow my wife in my cage let alone a stranger and I  
> hope my colo would deny you both as well!!!

Yup, I would hope that your colo would deny us (and everyone else as  
well) --  unless you call in a ticket and say something like "Please  
give Bob access to my cage / cabinet on Thursday at around noonish..."

As for the stranger bit -- we all have different levels of trust /  
paranoia. I personally rank towards the top of the paranoia scale, but  
if I had a widget in Wyoming that needed wiring and one of the people  
that I know personally from the list happened to be around there, I'd  
probably trust them more than the colo provided folks. This all  
depends upon what the widget it, what needs doing and who the person  
is -- there are some people that I wouldn't let near my gear with a  
50ft pole and some people that I trust to some (small) extent.

There are some folks that are much more trusting (or possibly more  
desperate) than us though. Last time I made this offer I got (amongst  
other requests) a call in the middle of the night some someone I'd  
never met (nor heard of) asking me to please go over and console into  
a router as they had managed to push an ACL and lock themselves out --  
he cheerfully volunteered his locally configured account info and  
seemed surprised when I suggested that that, now that it was exposed,  
he immediately change it everywhere...

The type of gear that I have in the cage also plays into this as well  
-- if the only gear in the cage is networking gear I'd be more  
comfortable that if there are servers and such. Yes, it is possible  
that someone could insert a tap or connect to my management network  
(or a whole host of other nefarious things), but a: this is something  
that they could do anyway if they were determined enough (if you trust  
your colo provider to provide perfect physical security than you are  
1: stupid and 2: less paranoid than me) and b: I'd have an easier time  
auditing network gear than servers.


> I suppose this may be useful for some as there have been two  
> responses to your initial posting however, we use locked cabinets  
> and cages for a reason. I can appreciate wanting to return the trust  
> and community to the industry even though the outlook looks bleak on  
> your behalf.

Just for information, I have received 8 off-list responses from people  
thanking me and volunteering their time, ranging from NoVa to Chicago  
to TX to the Bay Area -- sometime I'll set up a list or website where  
people can list where they can help out.

Once again, this is purely an offer that people can take advantage of  
if they want -- I am not forming some secret cabal of trained ninjas  
that will break into people cabinets and swap linecards while no one  
is watching, nor am I trying to coerce anyone into doing something  
that they are not comfortable with.

It's your network, if you need an XFP swapped and would like me to do  
so, great. If you don't, great.

W

>
>
> Cheers,
> Jim
>
> On Sat, Jan 17, 2009 at 10:56 PM, Brandon Galbraith <brandon.galbraith at gmail.com 
> > wrote:
> On 1/16/09, Warren Kumari <warren at kumari.net> wrote:
> >
> > Hi all,
> >
> > This is a mail that I have been meaning to send ever since I moved  
> back to
> > the NoVA area, but have only gotten around to now...
> >
> > Many years ago I used to provide emergency, smart hands type  
> assistance to
> > those in need, but had to give this up when I moved out of the  
> area. Anyway,
> > I'm back and am willing to start doing this again....
> >
> > This is primarily for those cases where you would normally have to  
> fly
> > someone out to have them replace a line-card or two, hook up a few  
> cables,
> > maybe swap a disk in an array, etc. This is not for those cases  
> where you
> > simple need someone to push the reset button, nor for rebuilding  
> your entire
> > cage from scratch...
> >
> > Anyway, if you have gear here and think that you might need to  
> take me up
> > on this, drop me a mail and I'll give you my direct contact info...
> >
> > If you like this idea, and are willing to also provide this sort  
> of thing
> > to the community (either in this, or in another area), please let  
> me know --
> > I'll look into setting up a website / mailing list / something...
> >
>
> What Warren said. I'm in the Chicagoland area.
>
> -brandon
>
> --
> Brandon Galbraith
> Voice: 630.400.6992
> Email: brandon.galbraith at gmail.com
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2173 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090117/b2e06848/attachment.bin>


More information about the NANOG mailing list