[c-nsp] counterfeit?

Richard A Steenbergen ras at e-gerbil.net
Fri Jan 25 14:51:23 EST 2008


On Fri, Jan 25, 2008 at 10:39:29AM -0800, Steve Feldman wrote:
> I don't think that's enough to tell.
> 
> We once got a batch of SFPs which seemed to work just fine, until
> we plugged more than one into the same router.  It turned out they
> had identical serial numbers....

Cisco branded optics use a one-way cryptographic hash of the serial number 
plus some kind of secret key written to the EEPROM, as a method to prevent 
people from just easily setting "CISCO-REALVENDOR" on the vendor field to 
produce clones. The first generation of cloners just copied the serial 
number and hash from a real Cisco optic, leading Cisco to implement a 
check for multiple copies of the same serial number in the box.

I don't know if the secret key has been compromised, or if the cloners 
just have access to a really large sample set, but these days they seem to 
have no problem defeating the check and producing Cisco-branded optics 
which work in any system. Many optic vendors will even give you a choice 
of what you want your EEPROM vendor field to say, so you can even make 
your own "store brand" line of optics the same way that Cisco does.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
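
The two checks described in the message above (a keyed hash over the serial number, then a per-chassis duplicate-serial check), sketched as an added example that is not part of the original post and is not Cisco's code. HMAC-SHA256, the key, the slot names and the serial numbers are assumptions constructed for illustration; the actual hash and EEPROM layout are not given in the thread.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: HMAC-SHA256 stands in for the vendor's undisclosed keyed hash.
SECRET_KEY = b"constructed-demo-key"  # hypothetical, not a real vendor key


def expected_tag(serial: str) -> bytes:
    """Keyed one-way hash of the serial number, as stored in the EEPROM."""
    return hmac.new(SECRET_KEY, serial.encode(), hashlib.sha256).digest()


def tag_is_valid(serial: str, tag: bytes) -> bool:
    """Check 1: does the EEPROM tag match the serial under the secret key?"""
    return hmac.compare_digest(expected_tag(serial), tag)


def audit_chassis(optics):
    """Run both checks over (slot, vendor, serial, tag) records of one chassis.

    Returns {slot: reason} for every optic that should be rejected.
    """
    rejected = {}
    slots_by_serial = defaultdict(list)
    for slot, _vendor, serial, tag in optics:
        if not tag_is_valid(serial, tag):
            rejected[slot] = "bad hash"
        else:
            slots_by_serial[serial].append(slot)
    # Check 2: a verbatim copy carries a valid tag, so only the repeated
    # serial number gives it away, and only when both sit in the same box.
    for serial, slots in slots_by_serial.items():
        if len(slots) > 1:
            for slot in slots:
                rejected[slot] = "duplicate serial " + serial
    return rejected


# Constructed sample data: one chassis, four optics.
GENUINE = ("Gi1/1", "CISCO-REALVENDOR", "SN0001", expected_tag("SN0001"))
COPY = ("Gi1/2", "CISCO-REALVENDOR", "SN0001", expected_tag("SN0001"))
RELABELED = ("Gi1/3", "CISCO-REALVENDOR", "SN0002", bytes(32))
OTHER = ("Gi1/4", "CISCO-REALVENDOR", "SN0003", expected_tag("SN0003"))

if __name__ == "__main__":
    inventory = [GENUINE, COPY, RELABELED, OTHER]
    for slot, reason in sorted(audit_chassis(inventory).items()):
        print(slot, reason)
```

The duplicate check cannot tell which of the two matching optics is the original, so both slots are flagged, and a single copied optic in a chassis by itself passes both checks.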

