Everything is incredibly broken and fragile. If you are not pwned, it is because no one wants to. DDoSing any backbone router is trivial from 10Mbps VPN, cause we can't protect the control plane. And it doesn't matter. No one wants to do that.

++ytti

________________________________
From: Shawn L via NANOG <nanog@lists.nanog.org>
Sent: Wednesday, December 24, 2025 3:01:36 PM
To: North American Network Operators Group <nanog@lists.nanog.org>
Cc: Shawn L <shawnl@up.net>
Subject: Re: What are folks using for serial consoles these days?

I learned unix on those and worked almost exclusively with them for most of my early career. I kind of miss them.

-----Original Message-----
From: "borg--- via NANOG" <nanog@lists.nanog.org>
Sent: Wednesday, December 24, 2025 4:58am
To: nanog@lists.nanog.org
Cc: borg@uu3.net
Subject: Re: What are folks using for serial consoles these days?

Heh, yeah right.. the very same security guys who CANNOT actually keep their stuff safe... or under control.. Breaches and leaks left and right all the time..

But, back to the topic. Back in good old times I was admining SUN servers, and they had that super cool thing called ALOM which was OOB CLI management stuff that worked all the time, even when device was powered on but plugged in. It was awesome.. Whatever happened to server, you could always telnet (or use SUN serial) to ALOM, and check things out or even reinstall box remotely if you had infra for it set up.. It was great thing.

Ytti is absolutely right here. This stuff should be norm and from security point of view, I can always make entire OOB network dark, only accessible via VPN overlay network...

---------- Original message ----------
From: Lukasz Bromirski via NANOG <nanog@lists.nanog.org>
To: North American Network Operators Group <nanog@lists.nanog.org>
Cc: Lukasz Bromirski <lukasz@bromirski.net>
Subject: Re: What are folks using for serial consoles these days?
Date: Tue, 23 Dec 2025 20:51:54 +0100

Saku, NANOG-ers,

On 23 Dec 2025, at 20:04, Saku Ytti via NANOG <nanog@lists.nanog.org> wrote:
On Tue, 23 Dec 2025 at 21:01, Phil Bedard <bedard.phil@gmail.com> wrote:
From a Cisco perspective when we built the first 8000 (Silicon One) routers, the original 8201/8202 had a separate Baseboard Management Controller (BMC) the same as a server because we thought people would truly enjoy having that. It turns out no one used it and more were confused by it. It added extra cost and took up real estate that could be used for other things, so it didn't continue.
And I will apologise for all of us customers, we are wrong, you were right with CMP, you were right with BMC. It is blind spot we have and we need education.
I'm pretty sure you're half-joking and half-not, but that's the reality.

I lead platform (hardware) development for Cisco Firewalls. I can tell you, that during my discussions with all of our Customers, from biggest to smallest ones, security folks don't appreciate fully dedicated, separate out-of-band management ports, with their own OS that's available no-matter-what. I've been through hundreds of discussions, and everybody says "nah" (and I don't even go into cost or whatever - just "availability").

I very much like your comment, and I'll use it, but that's reality folks - you vote with your wallets, and it seems that's not really as critical for management as you'd (and I'd) think.

And even *I* have LTE access to my own rack(s), including console ports. And I'm just toying with all the fancy and less fancy gear... 2005? Hell - more like 1995...

--
Łukasz Bromirski

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/7E53W37W...