Contact for va.gov

Mike mike-nanog at tiedyenetworks.com
Thu Apr 14 22:28:00 CDT 2011


On 04/14/2011 07:54 PM, Nathan Eisenberg wrote:
>> Is tracking down the original user and letting them know about the
>> config leak a standard practice, necessary or "the right thing to do"?
>
> Municipal networks often provide some emergency services, and we all know what the VA provides.  Once you know whose gear it is, I guess you have to decide if you'd be willing to have a little bit of that organization's (or their patrons) blood on your hands.
>
> Especially in the case of the VA, for me, the answer is 'hell no'.  If it was "Joes defunct sprocket startup", I'd likely just format flash: and move on.
>
>

A few months back I had exactly this situation - I bought a switch off 
ebay that was still loaded with it's config, and it had come from 
yahoo.com. Now, I am the good netizen and I flagged them about this and 
was able to help them find the source which I assume they 'fixed' this 
leak. The data in the fig file could have been (mis)used to yahoo's 
network security disadvantage and wherever you stand I think we all can 
agree that cluing them in was the right thing to do. But for someone 
else's startup, probably would not have bothered.

Mike-




More information about the NANOG mailing list