Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2022-04-13 Thread Nick Hilliard via cisco-nsp
--- Begin Message --- Drew Weaver wrote on 05/08/2021 19:20: Yes, in my research I noticed that OS image age has nothing to do with it. Newer images with different trains have it enabled, older images in totally other trains as well. Also even though it appears to emulate VTY simply configuring

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Drew Weaver
:18 PM To: 'a...@djlab.com' ; 'cisco-nsp' Subject: Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP) Yes, Plus consider the fact that if you do a 'show users' it shows up as a VTY connection and if you set transports on your configuration interfaces (console) it ignores that and still works

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Drew Weaver
, 2021 12:13 PM To: cisco-nsp Subject: Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP) For something that is answering by default, where brutes cannot be blocked or ratelimited by CoPP or MLS kbobs? Control plane DDoS anyone? What other surprises are in it's codes? I'm sure a (hopefully

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Randy (K6RP)
. It doesn't seem to log anything when you use it, too. -Original Message- From: Oliver Boehmer (oboehmer) Sent: Friday, August 6, 2021 11:48 AM To: Gert Doering ; Lukas Tribus Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP) On Fri, Aug 06

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Drew Weaver
seem to log anything when you use it, too. -Original Message- From: Oliver Boehmer (oboehmer) Sent: Friday, August 6, 2021 11:48 AM To: Gert Doering ; Lukas Tribus Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP) On Fri, Aug 06, 2021 at 02

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Oliver Boehmer (oboehmer) via cisco-nsp
--- Begin Message --- On Fri, Aug 06, 2021 at 02:00:30PM +0200, Lukas Tribus wrote: > I'm no longer putting in hundreds of hours to fight losing battles, > which earlier in my carrier I did: >

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Gert Doering
Hi, On Fri, Aug 06, 2021 at 02:00:30PM +0200, Lukas Tribus wrote: > I'm no longer putting in hundreds of hours to fight losing battles, > which earlier in my carrier I did: > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140828-CVE-2014-3347 Ensuring that MOP

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread Lukas Tribus
On Fri, 6 Aug 2021 at 09:59, James Bensley wrote: > > What is right or technically correct is not always the priority. > > This is the job we do, right? (it's the job I do anyway). We find a > way to convince the powers that be, that this is a massive security > risk for example, or for example

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-06 Thread James Bensley
On Thu, 5 Aug 2021 at 22:47, Lukas Tribus wrote: > > On Thu, 5 Aug 2021 at 21:49, Nick Hilliard wrote: > > It has the appearance of a feature which is kept alive because some > > customer with a huge spend demands it in general-deployment release > > trains (this is idle speculation and may be

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-05 Thread Gert Doering
Hi, On Thu, Aug 05, 2021 at 10:40:20PM +0200, Lukas Tribus wrote: > code from decades ago, the BU responsible for the code path today > probably handles a million other things, some of them presumably do > actually make money. Yeah, like invent new license madness... gert -- "If was one thing

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-05 Thread Lukas Tribus
On Thu, 5 Aug 2021 at 21:49, Nick Hilliard wrote: > It has the appearance of a feature which is kept alive because some > customer with a huge spend demands it in general-deployment release > trains (this is idle speculation and may be completely wrong btw). More precisely, who (which employee)

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-05 Thread Nick Hilliard
Drew Weaver wrote on 05/08/2021 18:20: It should be forcibly removed entirely in my opinion. Whatever about it being removed, it definitely shouldn't be enabled by default, and there should be a command to disable it completely on all interfaces. It has the appearance of a feature which is

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-05 Thread Drew Weaver
] TIL: Maintenance Operations Protocol (MOP) Drew Weaver wrote on 04/08/2021 16:43: > Sorry for the noise if you are all aware of what MOP is but if you > aren't aware of what it is and use Cisco products (especially in a > multi-tenant environment) it may be a good idea to r

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-04 Thread Nick Hilliard
Drew Weaver wrote on 04/08/2021 16:43: Sorry for the noise if you are all aware of what MOP is but if you aren't aware of what it is and use Cisco products (especially in a multi-tenant environment) it may be a good idea to read about it and evaluate any impact it may or may not have on your

Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-04 Thread Drew Weaver
all when it is being used but I wasn't so that is why I am sharing. -Original Message- From: cisco-nsp On Behalf Of Drew Weaver Sent: Wednesday, August 4, 2021 11:44 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] TIL: Maintenance Operations Protocol (MOP) Hello, Sorry for the noise if

[c-nsp] TIL: Maintenance Operations Protocol (MOP)

2021-08-04 Thread Drew Weaver
Hello, Sorry for the noise if you are all aware of what MOP is but if you aren't aware of what it is and use Cisco products (especially in a multi-tenant environment) it may be a good idea to read about it and evaluate any impact it may or may not have on your environment. Have a nice day =)