A Tale of Two Switches

Cybersecurity Diary Entry - A Tale of Two Switches

Noise.  The fans in switches generate a lot of noise, especially when the cases are removed.  Here I sat, the guts of an old Cisco 3750X open before me, belching out the squeal of fans, while I pressed the Mode button as it booted.  Cisco is not really a fan of their equipment being resold, but also assigns an end of sale and life to all their inventory.  In order to ensure the development of a product to be used in production network environments, it becomes necessary to procure the same equipment.  As such, unbeknown to me, I sat between the age of wisdom and foolishness.

Two switches, the same model, manufactured a year apart and, while arriving in the same shipment, both had a very different story to tell.  The one I was currently working on formerly belonged to a bank, hailing from the Midwest of the United States.  How might one know this?  Well, the switch had a banner claiming as much, including legal jargon threatening anyone with accessing said device without permission. 

As such, I was pressing the Mode button to try and get to a place where I could delete the configuration, something the bank most certainly should have done before selling the device as used.  A few moments later, I was greeted with victory, the screen displaying a prompt reading “switch:” and awaiting further input.  Now, as some might be aware, the Mode button is accessible from the outside, so why bother opening the case?

Well, this particular bank had disabled the button by removing it from the small circuit board responsible for the button and the status LEDs on this particular model of switch.  Similar generations of this switch had a particular issue with the button being pressed by booted network cables (see the diagram below, courtesy of Cisco and a humorous engineering mishap).  This model supposedly did not suffer from the same issue, though, and it is possible that its button was removed by the bank for the sake of security (as shown by the red circle).

[Image: two switches]

Unfortunately, we had paid good money, even if it was very little, for this device, and I was not about to be stymied by such foolishness.  As such, I removed the same circuit board from the other switch we had purchased and plugged it into the ribbon cable on the bank’s former switch.  So much for that security measure, but it did spark a curiosity, so instead of simply deleting the configuration, I took a well-deserved peek for my efforts.

The switch was programmed beautifully, the configuration was art.  Yes, I am a geek, but you’re reading this, so what does that make you?  Really, though, it was wonderful.  Everything I thought of and more was there, I even had to look up a couple of things I did not recognize.  The security was perfect, very well programmed, ensuring even the greatest of hackers would not likely find their way in.  Unless, of course, they didn’t wipe the device before selling it.

That was it.  A couple of commands later, the configuration was gone.  The second switch was quite the opposite and had very little story to tell.  But, someone had gone to the lengths of not only deleting the configuration, but the software to run the switch, as well.  While there is a happy ending to this story, since I wanted to stack these switches, it was only after a couple of hours of transferring the software via console cable that both switches were recalled to life.

March 29th, 2022