[c-nsp] counterfeit?
Richard A Steenbergen
ras at e-gerbil.net
Fri Jan 25 14:51:23 EST 2008

On Fri, Jan 25, 2008 at 10:39:29AM -0800, Steve Feldman wrote:
> I don't think that's enough to tell.
>
> We once got a batch of SFPs which seemed to work just fine, until
> we plugged more than one into the same router. It turned out they
> had identical serial numbers....

Cisco branded optics use a one-way cryptographic hash of the serial number
plus some kind of secret key written to the EEPROM, as a method to prevent
people from just easily setting "CISCO-REALVENDOR" on the vendor field to
produce clones. The first generation of cloners just copied the serial
number and hash from a real Cisco optic, leading Cisco to implement a
check for multiple copies of the same serial number in the box.

I don't know if the secret key has been compromised, or if the cloners
just have access to a really large sample set, but these days they seem to
have no problem defeating the check and producing Cisco-branded optics
which work in any system. Many optic vendors will even give you a choice
of what you want your EEPROM vendor field to say, so you can even make
your own "store brand" line of optics the same way that Cisco does.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
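
The two host-side checks described in the message above (keyed hash of the serial number, then a per-chassis duplicate-serial check), as an added example that is not part of the original post and not Cisco's code. HMAC-SHA-256, the key, the field names, the serials and the port names are assumptions constructed for illustration; the real hash and key are not given on the page.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: HMAC-SHA-256 and this key are stand-ins; the real hash and key are not public.
DEMO_KEY = b"constructed-demo-key"

def make_tag(serial: str, key: bytes = DEMO_KEY) -> bytes:
    """Keyed one-way hash of the serial number, as stored in the EEPROM."""
    return hmac.new(key, serial.encode(), hashlib.sha256).digest()

def tag_valid(eeprom: dict, key: bytes = DEMO_KEY) -> bool:
    """Host-side check: recompute the tag from the serial and compare."""
    return hmac.compare_digest(make_tag(eeprom["serial"], key), eeprom["tag"])

def audit_chassis(ports: dict) -> dict:
    """Map port -> verdict for every optic inserted in one chassis."""
    by_serial = defaultdict(list)
    for port, eeprom in ports.items():
        by_serial[eeprom["serial"]].append(port)
    verdicts = {}
    for port, eeprom in ports.items():
        if not tag_valid(eeprom):
            verdicts[port] = "bad-tag"            # vendor string set, no valid hash
        elif len(by_serial[eeprom["serial"]]) > 1:
            verdicts[port] = "duplicate-serial"   # valid hash, but serial seen twice
        else:
            verdicts[port] = "ok"
    return verdicts

# Constructed sample EEPROM contents (serials and port names are made up).
GENUINE_A = {"vendor": "CISCO-REALVENDOR", "serial": "DEMO0001", "tag": make_tag("DEMO0001")}
GENUINE_B = {"vendor": "CISCO-REALVENDOR", "serial": "DEMO0002", "tag": make_tag("DEMO0002")}
COPY_OF_A = dict(GENUINE_A)   # serial and hash copied verbatim from GENUINE_A
RELABELED = {"vendor": "CISCO-REALVENDOR", "serial": "DEMO0003", "tag": bytes(32)}

ONE_COPY = {"Gi0/1": COPY_OF_A, "Gi0/2": GENUINE_B}
TWO_COPIES = {"Gi0/1": COPY_OF_A, "Gi0/2": dict(COPY_OF_A), "Gi0/3": RELABELED}

if __name__ == "__main__":
    print(audit_chassis(ONE_COPY))
    print(audit_chassis(TWO_COPIES))
```

A lone copied optic passes both checks; the duplicate check only fires once two copies share a chassis, which matches the quoted report.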