Disable Telnet... NOW, KID!

deanwebb · March 20, 2017, 03:25:09 PM

http://thehackernews.com/2017/03/cisco-network-switch-exploit.html

SimonV · March 21, 2017, 03:34:46 AM

QuoteThis vulnerability affects the following Cisco devices when running a vulnerable Cisco IOS software release and configured to accept incoming Telnet connections:

Cisco Catalyst 2350-48TD-S Switch
Cisco Catalyst 2350-48TD-SD Switch
Cisco Catalyst 2360-48TD-S Switch
Cisco Catalyst 2918-24TC-C Switch
Cisco Catalyst 2918-24TT-C Switch
Cisco Catalyst 2918-48TC-C Switch
Cisco Catalyst 2918-48TT-C Switch
Cisco Catalyst 2928-24TC-C Switch
Cisco Catalyst 2960-24-S Switch
Cisco Catalyst 2960-24LC-S Switch
Cisco Catalyst 2960-24LT-L Switch
Cisco Catalyst 2960-24PC-L Switch
Cisco Catalyst 2960-24PC-S Switch
Cisco Catalyst 2960-24TC-L Switch
Cisco Catalyst 2960-24TC-S Switch
Cisco Catalyst 2960-24TT-L Switch
Cisco Catalyst 2960-48PST-L Switch
Cisco Catalyst 2960-48PST-S Switch
Cisco Catalyst 2960-48TC-L Switch
Cisco Catalyst 2960-48TC-S Switch
Cisco Catalyst 2960-48TT-L Switch
Cisco Catalyst 2960-48TT-S Switch
Cisco Catalyst 2960-8TC-L Compact Switch
Cisco Catalyst 2960-8TC-S Compact Switch
Cisco Catalyst 2960-Plus 24LC-L Switch
Cisco Catalyst 2960-Plus 24LC-S Switch
Cisco Catalyst 2960-Plus 24PC-L Switch
Cisco Catalyst 2960-Plus 24PC-S Switch
Cisco Catalyst 2960-Plus 24TC-L Switch
Cisco Catalyst 2960-Plus 24TC-S Switch
Cisco Catalyst 2960-Plus 48PST-L Switch
Cisco Catalyst 2960-Plus 48PST-S Switch
Cisco Catalyst 2960-Plus 48TC-L Switch
Cisco Catalyst 2960-Plus 48TC-S Switch
Cisco Catalyst 2960C-12PC-L Switch
Cisco Catalyst 2960C-8PC-L Switch
Cisco Catalyst 2960C-8TC-L Switch
Cisco Catalyst 2960C-8TC-S Switch
Cisco Catalyst 2960CG-8TC-L Compact Switch
Cisco Catalyst 2960CPD-8PT-L Switch
Cisco Catalyst 2960CPD-8TT-L Switch
Cisco Catalyst 2960CX-8PC-L Switch
Cisco Catalyst 2960CX-8TC-L Switch
Cisco Catalyst 2960G-24TC-L Switch
Cisco Catalyst 2960G-48TC-L Switch
Cisco Catalyst 2960G-8TC-L Compact Switch
Cisco Catalyst 2960L-16PS-LL Switch
Cisco Catalyst 2960L-16TS-LL Switch
Cisco Catalyst 2960L-24PS-LL Switch
Cisco Catalyst 2960L-24TS-LL Switch
Cisco Catalyst 2960L-48PS-LL Switch
Cisco Catalyst 2960L-48TS-LL Switch
Cisco Catalyst 2960L-8PS-LL Switch
Cisco Catalyst 2960L-8TS-LL Switch
Cisco Catalyst 2960PD-8TT-L Compact Switch
Cisco Catalyst 2960S-24PD-L Switch
Cisco Catalyst 2960S-24PS-L Switch
Cisco Catalyst 2960S-24TD-L Switch
Cisco Catalyst 2960S-24TS-L Switch
Cisco Catalyst 2960S-24TS-S Switch
Cisco Catalyst 2960S-48FPD-L Switch
Cisco Catalyst 2960S-48FPS-L Switch
Cisco Catalyst 2960S-48LPD-L Switch
Cisco Catalyst 2960S-48LPS-L Switch
Cisco Catalyst 2960S-48TD-L Switch
Cisco Catalyst 2960S-48TS-L Switch
Cisco Catalyst 2960S-48TS-S Switch
Cisco Catalyst 2960S-F24PS-L Switch
Cisco Catalyst 2960S-F24TS-L Switch
Cisco Catalyst 2960S-F24TS-S Switch
Cisco Catalyst 2960S-F48FPS-L Switch
Cisco Catalyst 2960S-F48LPS-L Switch
Cisco Catalyst 2960S-F48TS-L Switch
Cisco Catalyst 2960S-F48TS-S Switch
Cisco Catalyst 2960X-24PD-L Switch
Cisco Catalyst 2960X-24PS-L Switch
Cisco Catalyst 2960X-24PSQ-L Cool Switch
Cisco Catalyst 2960X-24TD-L Switch
Cisco Catalyst 2960X-24TS-L Switch
Cisco Catalyst 2960X-24TS-LL Switch
Cisco Catalyst 2960X-48FPD-L Switch
Cisco Catalyst 2960X-48FPS-L Switch
Cisco Catalyst 2960X-48LPD-L Switch
Cisco Catalyst 2960X-48LPS-L Switch
Cisco Catalyst 2960X-48TD-L Switch
Cisco Catalyst 2960X-48TS-L Switch
Cisco Catalyst 2960X-48TS-LL Switch
Cisco Catalyst 2960XR-24PD-I Switch
Cisco Catalyst 2960XR-24PD-L Switch
Cisco Catalyst 2960XR-24PS-I Switch
Cisco Catalyst 2960XR-24PS-L Switch
Cisco Catalyst 2960XR-24TD-I Switch
Cisco Catalyst 2960XR-24TD-L Switch
Cisco Catalyst 2960XR-24TS-I Switch
Cisco Catalyst 2960XR-24TS-L Switch
Cisco Catalyst 2960XR-48FPD-I Switch
Cisco Catalyst 2960XR-48FPD-L Switch
Cisco Catalyst 2960XR-48FPS-I Switch
Cisco Catalyst 2960XR-48FPS-L Switch
Cisco Catalyst 2960XR-48LPD-I Switch
Cisco Catalyst 2960XR-48LPD-L Switch
Cisco Catalyst 2960XR-48LPS-I Switch
Cisco Catalyst 2960XR-48LPS-L Switch
Cisco Catalyst 2960XR-48TD-I Switch
Cisco Catalyst 2960XR-48TD-L Switch
Cisco Catalyst 2960XR-48TS-I Switch
Cisco Catalyst 2960XR-48TS-L Switch
Cisco Catalyst 2970G-24T Switch
Cisco Catalyst 2970G-24TS Switch
Cisco Catalyst 2975 Switch
Cisco Catalyst 3550 12G Switch
Cisco Catalyst 3550 12T Switch
Cisco Catalyst 3550 24 DC SMI Switch
Cisco Catalyst 3550 24 EMI Switch
Cisco Catalyst 3550 24 FX SMI Switch
Cisco Catalyst 3550 24 PWR Switch
Cisco Catalyst 3550 24 SMI Switch
Cisco Catalyst 3550 48 EMI Switch
Cisco Catalyst 3550 48 SMI Switch
Cisco Catalyst 3560-12PC-S Compact Switch
Cisco Catalyst 3560-24PS Switch
Cisco Catalyst 3560-24TS Switch
Cisco Catalyst 3560-48PS Switch
Cisco Catalyst 3560-48TS Switch
Cisco Catalyst 3560-8PC Compact Switch
Cisco Catalyst 3560C-12PC-S Switch
Cisco Catalyst 3560C-8PC-S Switch
Cisco Catalyst 3560CG-8PC-S Compact Switch
Cisco Catalyst 3560CG-8TC-S Compact Switch
Cisco Catalyst 3560CPD-8PT-S Compact Switch
Cisco Catalyst 3560CX-12PC-S Switch
Cisco Catalyst 3560CX-12PD-S Switch
Cisco Catalyst 3560CX-12TC-S Switch
Cisco Catalyst 3560CX-8PC-S Switch
Cisco Catalyst 3560CX-8PT-S Switch
Cisco Catalyst 3560CX-8TC-S Switch
Cisco Catalyst 3560CX-8XPD-S Switch
Cisco Catalyst 3560E-12D-E Switch
Cisco Catalyst 3560E-12D-S Switch
Cisco Catalyst 3560E-12SD-E Switch
Cisco Catalyst 3560E-12SD-S Switch
Cisco Catalyst 3560E-24PD-E Switch
Cisco Catalyst 3560E-24PD-S Switch
Cisco Catalyst 3560E-24TD-E Switch
Cisco Catalyst 3560E-24TD-S Switch
Cisco Catalyst 3560E-48PD-E Switch
Cisco Catalyst 3560E-48PD-EF Switch
Cisco Catalyst 3560E-48PD-S Switch
Cisco Catalyst 3560E-48PD-SF Switch
Cisco Catalyst 3560E-48TD-E Switch
Cisco Catalyst 3560E-48TD-S Switch
Cisco Catalyst 3560G-24PS Switch
Cisco Catalyst 3560G-24TS Switch
Cisco Catalyst 3560G-48PS Switch
Cisco Catalyst 3560G-48TS Switch
Cisco Catalyst 3560V2-24DC Switch
Cisco Catalyst 3560V2-24PS Switch
Cisco Catalyst 3560V2-24TS Switch
Cisco Catalyst 3560V2-48PS Switch
Cisco Catalyst 3560V2-48TS Switch
Cisco Catalyst 3560X-24P-E Switch
Cisco Catalyst 3560X-24P-L Switch
Cisco Catalyst 3560X-24P-S Switch
Cisco Catalyst 3560X-24T-E Switch
Cisco Catalyst 3560X-24T-L Switch
Cisco Catalyst 3560X-24T-S Switch
Cisco Catalyst 3560X-24U-E Switch
Cisco Catalyst 3560X-24U-L Switch
Cisco Catalyst 3560X-24U-S Switch
Cisco Catalyst 3560X-48P-E Switch
Cisco Catalyst 3560X-48P-L Switch
Cisco Catalyst 3560X-48P-S Switch
Cisco Catalyst 3560X-48PF-E Switch
Cisco Catalyst 3560X-48PF-L Switch
Cisco Catalyst 3560X-48PF-S Switch
Cisco Catalyst 3560X-48T-E Switch
Cisco Catalyst 3560X-48T-L Switch
Cisco Catalyst 3560X-48T-S Switch
Cisco Catalyst 3560X-48U-E Switch
Cisco Catalyst 3560X-48U-L Switch
Cisco Catalyst 3560X-48U-S Switch
Cisco Catalyst 3750 Metro 24-AC Switch
Cisco Catalyst 3750 Metro 24-DC Switch
Cisco Catalyst 3750-24FS Switch
Cisco Catalyst 3750-24PS Switch
Cisco Catalyst 3750-24TS Switch
Cisco Catalyst 3750-48PS Switch
Cisco Catalyst 3750-48TS Switch
Cisco Catalyst 3750E-24PD-E Switch
Cisco Catalyst 3750E-24PD-S Switch
Cisco Catalyst 3750E-24TD-E Switch
Cisco Catalyst 3750E-24TD-S Switch
Cisco Catalyst 3750E-48PD-E Switch
Cisco Catalyst 3750E-48PD-EF Switch
Cisco Catalyst 3750E-48PD-S Switch
Cisco Catalyst 3750E-48PD-SF Switch
Cisco Catalyst 3750E-48TD-E Switch
Cisco Catalyst 3750E-48TD-S Switch
Cisco Catalyst 3750G-12S Switch
Cisco Catalyst 3750G-12S-SD Switch
Cisco Catalyst 3750G-16TD Switch
Cisco Catalyst 3750G-24PS Switch
Cisco Catalyst 3750G-24T Switch
Cisco Catalyst 3750G-24TS Switch
Cisco Catalyst 3750G-24TS-1U Switch
Cisco Catalyst 3750G-48PS Switch
Cisco Catalyst 3750G-48TS Switch
Cisco Catalyst 3750V2-24FS Switch
Cisco Catalyst 3750V2-24PS Switch
Cisco Catalyst 3750V2-24TS Switch
Cisco Catalyst 3750V2-48PS Switch
Cisco Catalyst 3750V2-48TS Switch
Cisco Catalyst 3750X-12S-E Switch
Cisco Catalyst 3750X-12S-S Switch
Cisco Catalyst 3750X-24P-E Switch
Cisco Catalyst 3750X-24P-L Switch
Cisco Catalyst 3750X-24P-S Switch
Cisco Catalyst 3750X-24S-E Switch
Cisco Catalyst 3750X-24S-S Switch
Cisco Catalyst 3750X-24T-E Switch
Cisco Catalyst 3750X-24T-L Switch
Cisco Catalyst 3750X-24T-S Switch
Cisco Catalyst 3750X-24U-E Switch
Cisco Catalyst 3750X-24U-L Switch
Cisco Catalyst 3750X-24U-S Switch
Cisco Catalyst 3750X-48P-E Switch
Cisco Catalyst 3750X-48P-L Switch
Cisco Catalyst 3750X-48P-S Switch
Cisco Catalyst 3750X-48PF-E Switch
Cisco Catalyst 3750X-48PF-L Switch
Cisco Catalyst 3750X-48PF-S Switch
Cisco Catalyst 3750X-48T-E Switch
Cisco Catalyst 3750X-48T-L Switch
Cisco Catalyst 3750X-48T-S Switch
Cisco Catalyst 3750X-48U-E Switch
Cisco Catalyst 3750X-48U-L Switch
Cisco Catalyst 3750X-48U-S Switch
Cisco Catalyst 4000 Supervisor Engine I
Cisco Catalyst 4000/4500 Supervisor Engine IV
Cisco Catalyst 4000/4500 Supervisor Engine V
Cisco Catalyst 4500 Series Supervisor Engine II-Plus
Cisco Catalyst 4500 Series Supervisor Engine II-Plus-TS
Cisco Catalyst 4500 Series Supervisor Engine V-10GE
Cisco Catalyst 4500 Series Supervisor II-Plus-10GE
Cisco Catalyst 4500 Supervisor Engine 6-E
Cisco Catalyst 4500 Supervisor Engine 6L-E
Cisco Catalyst 4900M Switch
Cisco Catalyst 4928 10 Gigabit Ethernet Switch
Cisco Catalyst 4948 10 Gigabit Ethernet Switch
Cisco Catalyst 4948 Switch
Cisco Catalyst 4948E Ethernet Switch
Cisco Catalyst 4948E-F Ethernet Switch
Cisco Catalyst Blade Switch 3020 for HP
Cisco Catalyst Blade Switch 3030 for Dell
Cisco Catalyst Blade Switch 3032 for Dell M1000E
Cisco Catalyst Blade Switch 3040 for FSC
Cisco Catalyst Blade Switch 3120 for HP
Cisco Catalyst Blade Switch 3120X for HP
Cisco Catalyst Blade Switch 3130 for Dell M1000E
Cisco Catalyst C2928-24LT-C Switch
Cisco Catalyst C2928-48TC-C Switch
Cisco Catalyst Switch Module 3012 for IBM BladeCenter
Cisco Catalyst Switch Module 3110 for IBM BladeCenter
Cisco Catalyst Switch Module 3110X for IBM BladeCenter
Cisco Embedded Service 2020 24TC CON B Switch
Cisco Embedded Service 2020 24TC CON Switch
Cisco Embedded Service 2020 24TC NCP B Switch
Cisco Embedded Service 2020 24TC NCP Switch
Cisco Embedded Service 2020 CON B Switch
Cisco Embedded Service 2020 CON Switch
Cisco Embedded Service 2020 NCP B Switch
Cisco Embedded Service 2020 NCP Switch
Cisco Enhanced Layer 2 EtherSwitch Service Module
Cisco Enhanced Layer 2/3 EtherSwitch Service Module
Cisco Gigabit Ethernet Switch Module (CGESM) for HP
Cisco IE 2000-16PTC-G Industrial Ethernet Switch
Cisco IE 2000-16T67 Industrial Ethernet Switch
Cisco IE 2000-16T67P Industrial Ethernet Switch
Cisco IE 2000-16TC Industrial Ethernet Switch
Cisco IE 2000-16TC-G Industrial Ethernet Switch
Cisco IE 2000-16TC-G-E Industrial Ethernet Switch
Cisco IE 2000-16TC-G-N Industrial Ethernet Switch
Cisco IE 2000-16TC-G-X Industrial Ethernet Switch
Cisco IE 2000-24T67 Industrial Ethernet Switch
Cisco IE 2000-4S-TS-G Industrial Ethernet Switch
Cisco IE 2000-4T Industrial Ethernet Switch
Cisco IE 2000-4T-G Industrial Ethernet Switch
Cisco IE 2000-4TS Industrial Ethernet Switch
Cisco IE 2000-4TS-G Industrial Ethernet Switch
Cisco IE 2000-8T67 Industrial Ethernet Switch
Cisco IE 2000-8T67P Industrial Ethernet Switch
Cisco IE 2000-8TC Industrial Ethernet Switch
Cisco IE 2000-8TC-G Industrial Ethernet Switch
Cisco IE 2000-8TC-G-E Industrial Ethernet Switch
Cisco IE 2000-8TC-G-N Industrial Ethernet Switch
Cisco IE 3000-4TC Industrial Ethernet Switch
Cisco IE 3000-8TC Industrial Ethernet Switch
Cisco IE-3010-16S-8PC Industrial Ethernet Switch
Cisco IE-3010-24TC Industrial Ethernet Switch
Cisco IE-4000-16GT4G-E Industrial Ethernet Switch
Cisco IE-4000-16T4G-E Industrial Ethernet Switch
Cisco IE-4000-4GC4GP4G-E Industrial Ethernet Switch
Cisco IE-4000-4GS8GP4G-E Industrial Ethernet Switch
Cisco IE-4000-4S8P4G-E Industrial Ethernet Switch
Cisco IE-4000-4T4P4G-E Industrial Ethernet Switch
Cisco IE-4000-4TC4G-E Industrial Ethernet Switch
Cisco IE-4000-8GS4G-E Industrial Ethernet Switch
Cisco IE-4000-8GT4G-E Industrial Ethernet Switch
Cisco IE-4000-8GT8GP4G-E Industrial Ethernet Switch
Cisco IE-4000-8S4G-E Industrial Ethernet Switch
Cisco IE-4000-8T4G-E Industrial Ethernet Switch
Cisco IE-4010-16S12P Industrial Ethernet Switch
Cisco IE-4010-4S24P Industrial Ethernet Switch
Cisco IE-5000-12S12P-10G Industrial Ethernet Switch
Cisco IE-5000-16S12P Industrial Ethernet Switch
Cisco ME 4924-10GE Switch
Cisco RF Gateway 10
Cisco SM-X Layer 2/3 EtherSwitch Service Module

dlots · March 21, 2017, 08:44:41 AM

You would think that it would already be disabled, and I wouldn't be arguing to disable telnet right now... Yep, that's a great thought... Yep, really really great.

NetworkGroover · March 21, 2017, 10:36:38 AM

Everyone uses SSH now... they should have simply removed it as even being an option at this point.. just silly.

deanwebb · March 21, 2017, 12:35:32 PM

Quote from: AspiringNetworker on March 21, 2017, 10:36:38 AM
Everyone uses SSH now... they should have simply removed it as even being an option at this point.. just silly.

Everyone who didn't realize massive potential savings in not putting a k9 license on all their gear and using telnet instead because the third-party support said it's easier to manage devices that way... accounting is architecture!

Take 10K devices and multiply the difference in Cisco license costs and going with telnet looks like a major bottom-line saving, cost-cutting stroke of genius to a CFO.

All the new guys, though, tend to freak out a little when they see all the telnet that still works on the gear here...

... besides, it's not much of a risk because it's all internal stuff, right? External risks are what you have to watch out for most, right?

dlots · March 21, 2017, 02:00:26 PM

Quote from: dlots on March 21, 2017, 08:44:41 AM
You would think that it would already be disabled, and I wouldn't be arguing to disable telnet right now... Yep, that's a great thought... Yep, really really great.

And you would think that if I were arguing for disabling telnet on lots of devices with a HORRIBLE exploit out there I wouldn't be loosing the argument.

NetworkGroover · March 21, 2017, 04:09:57 PM

Quote from: deanwebb on March 21, 2017, 12:35:32 PM
Quote from: AspiringNetworker on March 21, 2017, 10:36:38 AM
Everyone uses SSH now... they should have simply removed it as even being an option at this point.. just silly.

Everyone who didn't realize massive potential savings in not putting a k9 license on all their gear and using telnet instead because the third-party support said it's easier to manage devices that way... accounting is architecture!

Take 10K devices and multiply the difference in Cisco license costs and going with telnet looks like a major bottom-line saving, cost-cutting stroke of genius to a CFO.

All the new guys, though, tend to freak out a little when they see all the telnet that still works on the gear here...

... besides, it's not much of a risk because it's all internal stuff, right? External risks are what you have to watch out for most, right?

They CHARGE to run SSH!? Sorry it's been a while since I've dealt with anything Cisco.

And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$. Or just accept the risk.

SimonV · March 22, 2017, 03:43:14 AM

Quote from: AspiringNetworker on March 21, 2017, 04:09:57 PM
They CHARGE to run SSH!? Sorry it's been a while since I've dealt with anything Cisco.
And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$. Or just accept the risk.

Don't think so, SSH is standard on all the common hardware. The non-K9 images are for countries that have a ban on certain cryptographic protocols, I thought?

icecream-guy · March 22, 2017, 07:01:18 AM

Quote from: SimonV on March 22, 2017, 03:43:14 AM
Quote from: AspiringNetworker on March 21, 2017, 04:09:57 PM
They CHARGE to run SSH!? Sorry it's been a while since I've dealt with anything Cisco.
And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$. Or just accept the risk.

Don't think so, SSH is standard on all the common hardware. The non-K9 images are for countries that have a ban on certain cryptographic protocols, I thought?

k9 images are crypto, ssh runs crypto, ssh needs k9 image to run.

SimonV · March 22, 2017, 08:30:12 AM

Quote from: ristau5741 on March 22, 2017, 07:01:18 AM
Quote from: SimonV on March 22, 2017, 03:43:14 AM
Quote from: AspiringNetworker on March 21, 2017, 04:09:57 PM
They CHARGE to run SSH!? Sorry it's been a while since I've dealt with anything Cisco.
And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$. Or just accept the risk.

Don't think so, SSH is standard on all the common hardware. The non-K9 images are for countries that have a ban on certain cryptographic protocols, I thought?

k9 images are crypto, ssh runs crypto, ssh needs k9 image to run.

I know, but what I mean is that is't not related to the license but to the image. The K8 images did not contain 3DES and AES crypto and I'm pretty sure SSH is still possible. Even if you did not have the license, you could get it for free on the Cisco site. Cisco does not charge for SSH, afaik...

deanwebb · March 22, 2017, 08:31:22 AM

Quote from: AspiringNetworker on March 21, 2017, 04:09:57 PM
They CHARGE to run SSH!? Sorry it's been a while since I've dealt with anything Cisco.

And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$. Or just accept the risk.

We'll accept the risk.

Wow, that was much easier on the budget than paying for security. Anywhere else we can accept some risk?

deanwebb · March 22, 2017, 08:41:46 AM

Quote from: SimonV on March 22, 2017, 08:30:12 AM
I know, but what I mean is that is't not related to the license but to the image. The K8 images did not contain 3DES and AES crypto and I'm pretty sure SSH is still possible. Even if you did not have the license, you could get it for free on the Cisco site. Cisco does not charge for SSH, afaik...

https://supportforums.cisco.com/discussion/10968251/not-able-enable-ssh-3560

Gotta have K9 to have crypto:

Quote
The K9 code means that your IOS image contains the crypto support. If the K9 is not shown (i.e. it says IPBASE-M or IPSERVICES-M only) then your IOS does not have the crypto feature set and you will need to upgrade it.

If you want K9, you have to pay for K9. Although the Cisco Feature Navigator is pretty awful, it's still possible to use it to find versions that don't have SSH ver. 2 server support.

SimonV · March 22, 2017, 09:08:49 AM

On the Cisco Licensing Portal (www.cisco.com/go/license) you can request for free "K9" encryption licenses. As a requirement, you need to accept and declare that you are not exporting Cisco's product to embargoed destinations and countries designated as supporting terrorist activities. Countries listed in Part 746 of the EAR as embargoed destinations requiring a clearance are Cuba, Iran, North Korea, Sudan, and Syria.

dlots · March 22, 2017, 09:57:42 AM

I wonder if Cisco blocks IPs from Cuba, Iran, North Korea, Sudan, and Syria from agreeing to that.

deanwebb · March 22, 2017, 10:40:33 AM

Quote from: dlots on March 22, 2017, 09:57:42 AM
I wonder if Cisco blocks IPs from Cuba, Iran, North Korea, Sudan, and Syria from agreeing to that.

Easiest way to find out is to go to your neighbor's PC, VPN to a box in one of those countries, and start hitting Cisco.com to buy security gear.

About 30 minutes later as your neighbor is kidnapped by men in black suits driving black vans with black helicopters overhead, you'll see why I specified you do this from a neighbor's PC and not your own.