[110792] in North American Network Operators' Group
Re: "Smart" hands around Dulles airport / northern VA.
daemon@ATHENA.MIT.EDU (Warren Kumari)
Sat Jan 17 13:41:35 2009
From: Warren Kumari <warren@kumari.net>
To: Jim Willis <jim.h.willis@gmail.com>
In-Reply-To: <2edfe3130901170737l773f5119gaa590ed600049efe@mail.gmail.com>
Date: Sat, 17 Jan 2009 13:41:17 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--Apple-Mail-172-507406965
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
On Jan 17, 2009, at 10:37 AM, Jim Willis wrote:
> "FAQ:
> Q: What! Are you crazy? I'd never let a stranger into my cage!
> A: Huh, neither would I, but some people are less paranoid than us
> and / or know and trust me."
>
> I wouldn't allow my wife in my cage let alone a stranger and I
> hope my colo would deny you both as well!!!
Yup, I would hope that your colo would deny us (and everyone else as
well) -- unless you call in a ticket and say something like "Please
give Bob access to my cage / cabinet on Thursday at around noonish..."
As for the stranger bit -- we all have different levels of trust /
paranoia. I personally rank towards the top of the paranoia scale, but
if I had a widget in Wyoming that needed wiring and one of the people
that I know personally from the list happened to be around there, I'd
probably trust them more than the colo provided folks. This all
depends upon what the widget it, what needs doing and who the person
is -- there are some people that I wouldn't let near my gear with a
50ft pole and some people that I trust to some (small) extent.
There are some folks that are much more trusting (or possibly more
desperate) than us though. Last time I made this offer I got (amongst
other requests) a call in the middle of the night some someone I'd
never met (nor heard of) asking me to please go over and console into
a router as they had managed to push an ACL and lock themselves out --
he cheerfully volunteered his locally configured account info and
seemed surprised when I suggested that that, now that it was exposed,
he immediately change it everywhere...
The type of gear that I have in the cage also plays into this as well
-- if the only gear in the cage is networking gear I'd be more
comfortable that if there are servers and such. Yes, it is possible
that someone could insert a tap or connect to my management network
(or a whole host of other nefarious things), but a: this is something
that they could do anyway if they were determined enough (if you trust
your colo provider to provide perfect physical security than you are
1: stupid and 2: less paranoid than me) and b: I'd have an easier time
auditing network gear than servers.
> I suppose this may be useful for some as there have been two
> responses to your initial posting however, we use locked cabinets
> and cages for a reason. I can appreciate wanting to return the trust
> and community to the industry even though the outlook looks bleak on
> your behalf.
Just for information, I have received 8 off-list responses from people
thanking me and volunteering their time, ranging from NoVa to Chicago
to TX to the Bay Area -- sometime I'll set up a list or website where
people can list where they can help out.
Once again, this is purely an offer that people can take advantage of
if they want -- I am not forming some secret cabal of trained ninjas
that will break into people cabinets and swap linecards while no one
is watching, nor am I trying to coerce anyone into doing something
that they are not comfortable with.
It's your network, if you need an XFP swapped and would like me to do
so, great. If you don't, great.
W
>
>
> Cheers,
> Jim
>
> On Sat, Jan 17, 2009 at 10:56 PM, Brandon Galbraith <brandon.galbraith@gmail.com
> > wrote:
> On 1/16/09, Warren Kumari <warren@kumari.net> wrote:
> >
> > Hi all,
> >
> > This is a mail that I have been meaning to send ever since I moved
> back to
> > the NoVA area, but have only gotten around to now...
> >
> > Many years ago I used to provide emergency, smart hands type
> assistance to
> > those in need, but had to give this up when I moved out of the
> area. Anyway,
> > I'm back and am willing to start doing this again....
> >
> > This is primarily for those cases where you would normally have to
> fly
> > someone out to have them replace a line-card or two, hook up a few
> cables,
> > maybe swap a disk in an array, etc. This is not for those cases
> where you
> > simple need someone to push the reset button, nor for rebuilding
> your entire
> > cage from scratch...
> >
> > Anyway, if you have gear here and think that you might need to
> take me up
> > on this, drop me a mail and I'll give you my direct contact info...
> >
> > If you like this idea, and are willing to also provide this sort
> of thing
> > to the community (either in this, or in another area), please let
> me know --
> > I'll look into setting up a website / mailing list / something...
> >
>
> What Warren said. I'm in the Chicagoland area.
>
> -brandon
>
> --
> Brandon Galbraith
> Voice: 630.400.6992
> Email: brandon.galbraith@gmail.com
>
--Apple-Mail-172-507406965
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF5TCCAt0w
ggHFoAMCAQICAQIwCwYJKoZIhvcNAQEFMGAxLjAsBgNVBAMMJVdhcnJlbiBLdW1hcmkncyBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJ3a3VtYXJpQGdv
b2dsZS5jb20wHhcNMDkwMTEzMDE0MTEzWhcNMTEwMjIwMDE0MTEzWjBQMR8wHQYDVQQDDBZ2cG4u
ZG5zc2VjLWV4YW1wbGUuY29tMQswCQYDVQQGEwJVUzEgMB4GCSqGSIb3DQEJARYRd2FycmVuQGt1
bWFyaS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkaHLi+mSGuP7zrTKg+DBJODNRO
Q57lqOIuWZNr7CkQXJrPWinVKRfffbP6Z1NOXZnNe7khxGv/mq2Qj4J7VEoPEnp3VLcKLawpxLMN
4VnbBFKOLlb+ui1Rs0lzfKrWlI/ecZe3q2AV8dyRlaRd3U23Qf7Oh7wKV1OhLEeyQS2dAgMBAAGj
ODA2MDQGA1UdEQQtMCuBEXdhcnJlbkBrdW1hcmkubmV0ghZ2cG4uZG5zc2VjLWV4YW1wbGUuY29t
MA0GCSqGSIb3DQEBBQUAA4IBAQAXgT9iMlkHTv83Gjx2G6EvOi/zkzEKM7VSYfN3MjKPzaJF12bV
xx5cHGHeLR/1gJlFz018dNsKlpdSH4c0NTqBxgr8Y8FOeN7XnZWY2x/2X47qKbrtQQqsZHGRqF7l
eoMeUR/YsOMuz3aoIXSKXO5m46JGESUq65JOfFFj1V+QOYmFpK1BtM7FG5GYpLYo5SGKcyyOpY19
ULMMVj5PbmYf6B3w83Sb6JE1Ww77gLPXEF/nIrmTwF4Y38mkUwA6M2JsaryqqlNgRWAOLXAKhIXk
wLIVWSnZMQcJQjr+kWO8JOQkX1TCbdIKquBCGZZyEOnxfsv4/Zhdq63+nSYf/dMfMIIDADCCAeig
AwIBAgIBBDALBgkqhkiG9w0BAQUwYDEuMCwGA1UEAwwlV2FycmVuIEt1bWFyaSdzIENlcnRpZmlj
YXRlIEF1dGhvcml0eTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEWEndrdW1hcmlAZ29vZ2xl
LmNvbTAeFw0wOTAxMTMxNDM0MDdaFw0xMTAyMjAxNDM0MDdaMEcxFjAUBgNVBAMMDVdLIC0gVlBO
IENlcnQxCzAJBgNVBAYTAlVTMSAwHgYJKoZIhvcNAQkBFhF3YXJyZW5Aa3VtYXJpLm5ldDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7DL24PTWK0cxSNZkG8f36ONGbV5ZlDYaAcXIqeJ85sBc
63Gam1AjHOzg5TicvfY+0TxbBxR7DDVXT1Zs0idpM0TCH83lxto1gPiZIls7ijMDixPmZakP3oFJ
eHfqw5QZPytYRrOrz8QSkak2Z13NjYEDewwaypr8nGXcZcbwI5UCAwEAAaNkMGIwCwYDVR0PBAQD
AgSQMDUGA1UdJQQuMCwGCCsGAQUFBwMCBggrBgEFBQcDAQYHKwYBBQIDBAYHKwYBBQIDBQYEVR0l
ADAcBgNVHREEFTATgRF3YXJyZW5Aa3VtYXJpLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAt7MNGeeK
DMrhUQzkP3IyxmkCYUxlZmKEuA471Mj2rHMfBuU3nkGc4N80jFts7eILyhewgVDB7HhvmXCtB61o
E/deBU2t5JqA+BkL+ddIbKsOcZdGaUR7NjqOY7XcYmOlwn5MQPPFJKBiXqUO+JmqOr4cEpeDDPNx
wO5/6AJea7bAF7Mwv3lmCC/xU1AxEVy9Snqqf0y9sn44hWHV797Zc0TvBs9N1HFdJ/YFoLF/Pryd
HhSMNZR/fnV09RsUd843WhLOqq1wqvmu/hx3QmOR5ApjK7X3NflDoDoPGp95TYD+0sMeVOFIibj1
F29BcQmTH34u1V2ry9sKrmd5anCCQDGCAlowggJWAgEBMGUwYDEuMCwGA1UEAwwlV2FycmVuIEt1
bWFyaSdzIENlcnRpZmljYXRlIEF1dGhvcml0eTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEW
EndrdW1hcmlAZ29vZ2xlLmNvbQIBBDAJBgUrDgMCGgUAoIIBSzAYBgkqhkiG9w0BCQMxCwYJKoZI
hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTAxMTcxODQxMTdaMCMGCSqGSIb3DQEJBDEWBBRSCHmM
syiOL+JfebFGC5ZwELGWDjB0BgkrBgEEAYI3EAQxZzBlMGAxLjAsBgNVBAMMJVdhcnJlbiBLdW1h
cmkncyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJ3
a3VtYXJpQGdvb2dsZS5jb20CAQIwdgYLKoZIhvcNAQkQAgsxZ6BlMGAxLjAsBgNVBAMMJVdhcnJl
biBLdW1hcmkncyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcN
AQkBFhJ3a3VtYXJpQGdvb2dsZS5jb20CAQIwDQYJKoZIhvcNAQEBBQAEgYBHYR82jsKsFM8ARy4e
DfxHsdT2+V834oK4tI0aE6hKEev5irePVRe6Nokb8O4MJOubKvLj1ms/8nj9wpfACbKW7JTlt/XM
Xv7RUkdjip0ktilxOhIMvjuRAJaqrx2NoE0X3y3WgW0eJwetZGupUVUB64TXss7Ud5G9RIvZkUxV
swAAAAAAAA==
--Apple-Mail-172-507406965--
