Contact for

Mike mike-nanog at
Fri Apr 15 03:28:00 UTC 2011

On 04/14/2011 07:54 PM, Nathan Eisenberg wrote:
>> Is tracking down the original user and letting them know about the
>> config leak a standard practice, necessary or "the right thing to do"?
> Municipal networks often provide some emergency services, and we all know what the VA provides.  Once you know whose gear it is, I guess you have to decide if you'd be willing to have a little bit of that organization's (or their patrons) blood on your hands.
> Especially in the case of the VA, for me, the answer is 'hell no'.  If it was "Joes defunct sprocket startup", I'd likely just format flash: and move on.

A few months back I had exactly this situation - I bought a switch off 
ebay that was still loaded with it's config, and it had come from Now, I am the good netizen and I flagged them about this and 
was able to help them find the source which I assume they 'fixed' this 
leak. The data in the fig file could have been (mis)used to yahoo's 
network security disadvantage and wherever you stand I think we all can 
agree that cluing them in was the right thing to do. But for someone 
else's startup, probably would not have bothered.


More information about the NANOG mailing list