alt Hacker NewsAnyone seen a CC- serial prefix on legacy networking hardware?
don't want to file a decom report with a gap so I figured I would ask here.
On a contract job clearing out a data center doing routine stuff like taking inventory and audits before we decommission hardware. The issue is there is one node that keeps coming back that isn't in the documentation. ip is in the 46.28.x.x range Its not in the facilities registry though. Ran it through RIPE and ARIN to find nothing.
The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time. That should theoretically mean I am right next to the machine which doesn't make sense across three different connections.
Checked the physical hardware and it's nothing I've ever seen before. Not standard 1U or 2U ports maybe proprietary. serial format is:
CC-[4 digits]-[2 digits]-[6 alphanumeric]
CC prefix doesn't math Cisco, Ibm, Dec, 3com or anything. went back through the facility's historical logs. node appears in their earliest available records, which go back to 1994. facility was built in 1997.
has anyone seen a CC- serial prefix before? or have an explanation for the latency consistency?
Comments
>The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time. That should theoretically mean I am right next to the machine which doesn't make sense across three different connections.
It means your 3 different connections have decent connectivity to whatever host currently responds to ping for that IP. You cant really derive much more than that from a ping. If it has been there since 1994 it might have been decommed and the IP reassigned. I would suggest a scream test to be honest, especially if you have orders to remove it anyway, seeing if the pings stop responding when you remove the power or networking will tell you more.
CyberChron. If you don't need to know, don't ask.
And you're also assuming that all the pings are being returned by this box.
The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time.
A picture would be nice and avoid a lengthy game of Hacker News Charades.
Is this the hardware you have? [1]
That's some kind of encryption box. It has a "zeroize" button, to clear the keys in an emergency. It might have something that forces uniform latency to make traffic analysis more difficult. Some cryptosystems are totally synchronous, and send random bits at a constant rate when there's no data.
[1] https://www.artisantg.com/TestMeasurement/89462-1/Cyberchron...
CVC3000, they should send some guys in dark suits and glasses to pick it up.
Could the latency consistency be something designed to make it difficult to pinpoint its location? It sounds like you found the hardware and are just wondering what it is?
Well ain't this place a geographical oddity! 0.4ms from everywhere!
Lots of ASNs in 46.28.0.0/16 What’s the actual netblock?
Would looking at the device's MAC address (which you can get from arp) help? That would give you at least the manufacturer of the network interface.
This is assuming you're on the same subnet.
Perhaps a CC-Mail server?
https://en.wikipedia.org/wiki/Cc:Mail
If so, you should be able to telnet to that IP on port 3264 [https://www.ietf.org/rfc/rfc1700]
I think this doesn't make sense. Is there actually a realistic mechanism that makes this possible, or is there a gap in my hardware knowledge?
Can you see if the media is carrying 802.1Q traffic tagged 986?
Is it in what looks like a luggage/waterproof case? If so, that’s milspec networking hardware.
[flagged]
0.4 what latency? 0.4 s or 0.4 ms, or something else? Because if it's 0.4 ms, that seems to be very local, and possibly even impossible on LTE because of network latency. I'm not even sure 5G manages to get under 1 ms of latency.