Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Possible Cisco Source Code Theft 189

OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."
This discussion has been archived. No new comments can be posted.

Possible Cisco Source Code Theft

Comments Filter:
  • by imidazole2 ( 776413 ) on Sunday May 16, 2004 @08:11AM (#9166420) Homepage Journal
    Whats the deal with that!?

    if true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."

    We're all screwed.
    • No we're not, because there are always alternatives, even if there's a cost associated with switching (ha ha). Cisco is screwed though... share price dip in 3... 2... My money is on an inside job, whether it happened knowingly or not. Corporate espionage is part of the deal when you get as large as Cisco, and I guess they just lost this one. Personally, I'm surprised we even heard about it.
    • by Knightmare ( 12112 ) on Sunday May 16, 2004 @10:13AM (#9167021) Homepage
      Cisco is far from the #1 security company. There has been very little emphasis on security at Cisco until the last few years. As would be evident if you have used any of their products. 90% of their products don't come standard with SSH, they all still use telnet. But for an extra fee you can install SSH, that is if you buy enough ram for the router to support that code load...

      I think Cisco is working to change their security stance but, that takes time and lots of money. The money part they have covered, Cisco has an over 3 billion dollar R/D budget and if I remember correctly 2 billion of that is focused on security right now.
    • by Anonymous Coward
      the company has long practiced a policy of "security through obscurity

      Not really... every version of Cisco IOS since 6 has been leaked. The first time I've seen IOS source was probably 6-7 years ago. I'm not even sure why this is news.
  • by Ckwop ( 707653 ) * on Sunday May 16, 2004 @08:11AM (#9166422) Homepage
    One (of the many) problem(s) with the closed source business model is the fact that the entire company can depend on this intellectual property. The security surrounding that source has to be so huge that the problem quickly becomes intractable.

    Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are alot harder to steal :P

    Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.

    Why do we still use so much closed source stuff :/
    Simon.
    • by Anonymous Coward
      Because we (people) like making money. Life sort of works that way, you know?
    • Why do we still use so much closed source stuff :/
      Brilliant! And if everything were open source, we wouldn't need security either!! ;-)
    • by mikep.maine ( 585648 ) on Sunday May 16, 2004 @10:04AM (#9166956) Homepage
      Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.

      Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.

      Open source is also not inherently better at security because of it must be peered reviewed. If the reviewer doesn't know what to check, then what is the point of the review?

      Software must be security certified by professionals, whether open or otherwise.

      • I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.

        Care to share what those tests are?

    • Incidentally, as a side note, this is not about intellectual property, it's about trade secrets.
  • This did actually happen. A friend in an IRC channel I frequent was pasting large portions of it to show off.

    I can't help much see a nearby future full of Cisco-powered site takeovers :(
    • You would do well to report his nickname and IP address to the FBI.
    • by Frequanaut ( 135988 ) on Sunday May 16, 2004 @08:46AM (#9166556)
      Seriously, A friend of mine, in an icq conversation told me it wasn't true. Plus my mom said so as well.
      • by FreeUser ( 11483 ) on Sunday May 16, 2004 @11:01AM (#9167276)
        Seriously, A friend of mine, in an icq conversation told me it wasn't true. Plus my mom said so as well.

        Translation: Accept information only from Official Sources(tm).

        Any reports, of any event, not vetted by Your Official Corporate Public Relations Officer(tm) isn't real and has no validity.

        Do not accept word of mouth. Healthy kepticism is not sufficient (for the facts may speak for themselves and undermine Our Official Position(tm)); you are to ignore any anectdotes, any word of mouth reporting, completely and utterly.

        Indeed, you shall respond to any unofficial information with disparagement and hostility, as is your duty as a drone Consumer(tm).

        Accept the Party Line. It is the Truth(tm), all else is Heresy.

        Thank you.

        Your Cisco Security.
        ("Stooges R Us")
  • by sydb ( 176695 ) * <michael @ w d 2 1 . c o . uk> on Sunday May 16, 2004 @08:12AM (#9166425)
    CiSCO IOS?
    SecurityLab, 13 2004 CISCO IOS 12.3, 12.3t, CISCO. 800 .

    , - Cisco System. Cisco System .

    franz #darknet@EFnet IRC ( 2.5 ) .

    100 ipv6_tcp.c ipv6_discovery_test.c.


    Hope that helps!
    • by versus ( 59674 ) on Sunday May 16, 2004 @09:20AM (#9166709) Homepage
      I don't know who moderated parent as Informative (hint: use +1 Funny)

      Here is word-to-word translation (english is not my mother tongue):

      • As SecurityLabz was informed, in May 13, 2004 all source code of Cisco IOS 12.3, 12.3t was stolen. Cisco IOS is used in most Cisco network products. Full size of the stolen information is about 800 MBytes archived.
      • Source code leak was made possible because of Cisco's corporate network compromise. Cisco gave no official comments yet.

        Someone known as franz at IRC channel #darknet@EFnet showed a small part of stolen code as the proof.

        First 100 lines of source file ipv6_tcp.c and ipv6_discovery_test.c is listed below.

  • wouldn't surprise me (Score:3, Interesting)

    by fugas ( 619989 ) on Sunday May 16, 2004 @08:12AM (#9166431) Homepage
    I've worked there as a temp in 2000-2001 and the corporate network resources sure didn't seem to be that well protected... But I won't elaborate.
  • by Anonymous Coward on Sunday May 16, 2004 @08:14AM (#9166439)
    I use windows RRAS as my router and not the damned (potentially) insecure Cisco kit ;-)
  • What kind of OS is this? Embedded I would assume. If not, what kinds of things can we do with it now that it's in the open, assuming one were to get a copy?
    • Indestruct... oh, never mind.
    • Re:IOS OS (Score:5, Insightful)

      by JohnFluxx ( 413620 ) on Sunday May 16, 2004 @08:22AM (#9166472)
      Don't touch it, don't see it, don't breathe near it, if you ever plan on contributing to linux.

      Leaked code is very dangerous to open source software.
      • Re:IOS OS (Score:5, Insightful)

        by Ithika ( 703697 ) on Sunday May 16, 2004 @09:04AM (#9166644) Homepage
        Surely that's only the case if being covered by software patents... which I think the general consensus in the Linux devlopment world is that's a Bad Thing(tm). Whether they will apply in Europe is still being discussed.

        Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.

        The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.

        --
        This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party
  • Stolen...? (Score:3, Interesting)

    by Henrik S. Hansen ( 775975 ) <hsh@member.fsf.org> on Sunday May 16, 2004 @08:21AM (#9166466) Homepage
    How can the source code be stolen, when Cisco still has it?
    • Can recipes be stolen?
      Music? Design plans?
      Information in a book?
      etc
    • by real_smiff ( 611054 ) on Sunday May 16, 2004 @08:50AM (#9166569)
      ah, wait a sec (while i fetch me textbook of /. answers).. yes... i see, "it was not stolen... it was copy-right in-fringe-ment".. how was that? :)
    • Ah, ain't hypocrisy wonderful?
    • Re:Stolen...? (Score:2, Insightful)

      by Waffle Iron ( 339739 )
      Actually, it is appropriate to say that something was "stolen" in this case. That's because Cisco's code was supposed to be secret. Once their network was compromised, the secrecy is eliminated, and Cisco no longer has a secret. That's why it's common usage in English to say that somebody "stole a secret".

      This is different from calling illegal file sharing "stealing", where the information being appropriated has already been openly published. An illicit activity is taking place, and it may (indirectly) eco

      • Mod parent up, what he says is true.

        It's different from other IP, because it's not published; it's a trade secret. Music files, binary executables, etc., aren't kept secret.

        When someone reveals a secret, it's no longer a secret, so its secret-virginity has been lost; since being lost is a result of someone else's actions, there is good reason to call it "stealing."
    • Re:Stolen...? (Score:5, Insightful)

      by horza ( 87255 ) on Sunday May 16, 2004 @11:09AM (#9167335) Homepage
      How can the source code be stolen, when Cisco still has it?

      How can you have identity theft if you are still you?

      Phillip.
      • I havn't had my identity stole, it's the identity given to me that has been invalidated, and therefore no longer usefull(stolen).

        Try signing you name X next time and you could steal my identity.
      • Yeah, and how can you steal a kiss? Oh, wait... this is Slashdot. Nobody can steal a kiss anyway.

      • "Identity theft" is a euphemism for "impersonation", used to convey a sense of hostility and criminality about the idea.
      • Because identity 'theft' is not theft. A more appropriate phrase would be 'fraudulent impersonation'. The problem is, that takes too long to say, it isn't sexy, and 'theft' is the buzzword of the hour. Much like music 'piracy' isn't really piracy, but rather 'infringement'.
    • When you take intellectual property without paying for it, you have stolen intellectual property. Same reason Slashdot reports on "GPL theft" (violating the copyright of the GPL), not to mention identity theft.

      Why Slashbots continue to be hung up on the use of this simple word which describes a simple violation of the law amazes me. Anything to argue, I guess. Or remove the stigma of "thief" from an online pirate (which is the topic where this argument comes from).
      • Why Slashbots continue to be hung up on the use of this simple word which describes a simple violation of the law amazes me.



        Because it's a guaranteed "+5 Informative".

  • by puzzled ( 12525 ) on Sunday May 16, 2004 @08:22AM (#9166469) Journal

    IOS 11.3 source is definitely in the wild - I think there is a copy of it around here somewhere. I've contacted Cisco on it and they're so excited they can't even get someone from law enforcement to come and talk to me about the information on the guy who sent it to me.

    11.3 is ancient history, but 12.3 is bad bad bad ... this means new Cisco exploits as people comb through the code :-( Time to go unplug your internet connection until 12.4 is released ...
    • by Anonymous Coward
      "Time to go unplug your internet connection until 12.4 is released ..."

      If you leave your mailing address I'll send you a postcard when it does.
    • 11.3 is not ancient history. 11.3 is where Cisco began it's modular IOS conversion. You couldn't directly see it but Cisco started converting their IOS releases to a modular format in the back ground(though the images were always monolithic). 12.3 is the final step before every IOS image is the same base "IP Base" and you'd download DLLs or modules that the router could dynamically load. A release of 11.3 would be just as painfull as 12.3 because the architecture would definitely be showing is strengths
    • by AaronW ( 33736 ) on Sunday May 16, 2004 @01:21PM (#9168116) Homepage
      Good luck. Where I work we legally have access to Cisco IOS, although we're very strict and only a handful of engineers have the permissions to access it (me being one of them). The code is very clean and when I've browsed it looking to see if there's any exploits, I have thus far come up empty. The code does not look like the Microsoft code I've seen, which tends to be overly complex IMO. That's not to say we don't find bugs in Cisco's code, but generally it's very high quality.
      • Regarding your sig: This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.

        I'm not trying to break the encryption. I'm just looking at the ciphertext, and reading my own stuff into it. :)

      • "Where I work we legally have access to Cisco IOS, although we're very strict and only a handful of engineers have the permissions to access it (me being one of them). The code is very clean and when I've browsed it looking to see if there's any exploits, I have thus far come up empty"

        Sound like the words of a Cicso employee to me..


    • I've contacted Cisco on it and they're so excited they can't even get someone from law enforcement to come and talk to me about the information on the guy who sent it to me.


      Of course, you're assuming you've provided something special. Something unique. Knowledge of code "in the wild" that Cisco's representatives don't already know about.
    • Funny, I clicked the Penny Arcade link in your signature and I was greeted by a pageful of "Warning: mysql_connect(): Can't create a new thread (errno 12)."

      "Slashdot: the bitter truth" indeed.
  • Slashdot: Read [slashdot.org] today's [slashdot.org] ArsTechnica [slashdot.org] tomorrow! [slashdot.org]
  • by Anonymous Coward on Sunday May 16, 2004 @08:26AM (#9166481)

    The rusian site contains samples of the source claimed stolen!

    If these are authentic (which I personally begin to doubth more and more) then looking at them may be problematic if you ever intend on working on IPV6 stacks from someone else then cisco. (OpenBSD?)

    Now I did have a peek at that code and I can tell it looks very fake (Obiously *don`t* take my word for it and think its safe to ignore my warning!)

    • They are attributed to only one coder per file.
    • It isn`t indented (intentional obscurity?)
    • there are way to specific includes that dont make much sence (dothis.h)
    • I have a feeling there are includes missing
    • I spotted a printf, which seams odd for an IPV6 stack or part of an OS
    • I cant see any working logic, and I cant see how the code is supposed to do what the (short and very simple) comments claim it does.
    • It looks like there are many syntax errors but without a compiler, the preprocessor directives and identation it is hard to tell.

    Also at the forum of the .ru site there is a post from someone who claim the word on the IRC channel on which the story originates is that this is a fake.... But I am not touching that channel.

    • I spotted a printf, which seams odd for an IPV6 stack or part of an OS

      IOS does interact with the user through a terminal session so printfs aren't all that unlikely.

      Of course they ought not to be in the IPv6 stack. Unless they populate packets as formatted strings.
    • by Anonymous Coward
      Now I did have a peek at that code and I can tell it looks very fake

      No they don't: one is a *test* of IPv6 functions, so there is a printf. Second if it was a fake, people taking the time to write those, would have least take the time to compile them, I mean, why spent 12 hours writing fake code, and not compiling it?

    • by cide1 ( 126814 ) on Sunday May 16, 2004 @09:15AM (#9166683) Homepage
      Yeah, I'd like to believe you, but I've seen people get away with murder in source code before. Open source coders worry a lot more about things like indentation, and filenames that make sense. In closed source shops, a lot of times what is quickly coded as a prototype becomes the shipping product, and things like indent cant be used because it breaks diffs. As much as I'd like to look with my own eyes, this sounds like one of the things it would be best if I just ignored it.
    • according to several people who have worked with the individuals named in the files, they say the sources are genuine based on their familiarity with that individual's coding style and their knowledge of cisco APIs.
  • by BabyDave ( 575083 ) on Sunday May 16, 2004 @08:27AM (#9166486)

    ... that their remote access software had a default username/password built in that couldn't be disabled. A high-level Ciso executive has threatened to sue the software providers for including such a stupid 'feature' [slashdot.org] in their product

  • by Felinoid ( 16872 ) on Sunday May 16, 2004 @08:31AM (#9166500) Homepage Journal
    This is one of the companys that helpped make the Internet what it is today.
    (I'm not talking about spam, trolls or worms)

    They have the experence to know what can or can not happen.
    Sure they use obscurity but I doupt they believe it to be a sereous security layor. Instead they probably have experts pooring over ios every day.

    It is possable to have "Many Eyes" while remaining closed. Just have many expert eyes constantly on the code instead of many more untrainned eyes occasionally disecting the code.

    It's expensive so don't expect it to happen too often.
    Microsoft delutes itself into thinking that is what they have with a team of programmers working on the code. But in reality the only people who actually see the code is the original coder and a code verifier. Just two people for every segment of code.

    But I would guess Cisco uses the expensive version of Many eyes that we get for free in open source.
  • Other vendors (Score:3, Insightful)

    by Quill_28 ( 553921 ) on Sunday May 16, 2004 @08:39AM (#9166525) Journal
    What about other companies that supply cisco with software?

    This could hurt more than just cisco.
  • Settle down... (Score:4, Interesting)

    by Graftweed ( 742763 ) on Sunday May 16, 2004 @08:48AM (#9166560)
    This reminds me of the buzz that surrounded MS's source code theft/leak. There are a couple of different things being discussed here.

    First there are the security implications. Having the source out there for all to see isn't the endgame for the internet people, with MS people thought it was a big issue because their code is, well... crappy. I don't think this is true with Cisco, and unless there are some very obvious and very damaging security holes the internet will live to see another day, so all you doomsayers out there screaming that the world is coming to an end... settle down.

    It does highlight once again the shortcomings of a security through obscurity model, but let's not go down that road again.

    The second thing, which is where the story really lies, is how this could have happened. It's Cisco after all, how could their network be compromised? Probably someone there really dropped the ball. Any specifics on how this happened?
    • Even if a detrimental flaw is found and exploited, it won't be anything new for us network admins.

      The major TCP flaw that was announced recently also affected most Cisco equipment. We just did the usual--grab the patched IOS and load it up during a maintenance window.

      Updates like this happen all the time, and the most you probably notice is your overnight porn..erm...Linux ISO downloads stopped about 3am or so.
  • Heh... (Score:2, Insightful)

    by Anonymous Coward
    Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.

    Why do we still use so much closed source stuff :/


    SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you. Or go out and try and convince everyone to use your little Linux boxes as routers...oh, wait, there's just as many security issues in Linux as there are in Windows..

    But wait, there's more! With IOS
    • Re:Heh... (Score:2, Insightful)

      by sesaetaen ( 637921 )
      SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you.

      Apart from the fact that CISCO does not provide the necessary hardware specs, nor development kits for their products?

      blabla ... Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.

      Billy? Is that you?
      • Re:Heh... (Score:2, Informative)

        by billygr ( 751676 ) *
        "SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you"

        Who said that there isn't somethink like this ?

        http://www.uclinux.org/ports/
        From uClinux page: uClinux has successfully been ported to the Cisco 2500, 3000, 4000 routers. The patch allowing uClinux to run on the Cisco 2500/3000/4000 routers was completed by Koen De Vleeschauwer"
  • by bertboerland ( 31938 ) on Sunday May 16, 2004 @09:22AM (#9166718) Homepage
    Cisco's IOS is full of uncdomented commands. An old list is available on my site
    http://boerland.com/dotu [boerland.com].

    So opening the code might reveal more undocumented commands.

    (btw: I will migrated this data towards a real CMS as hosted at home; http://willy.boerland.com/myblog [boerland.com].)
  • by wallclimber21 ( 563789 ) * on Sunday May 16, 2004 @09:27AM (#9166739)
    A quick google search on 'Ole Troan' leads to Cisco Systems, Inc. 250 Longwater Avenue Reading RG2 6GB United Kingdom If this is a fake, then at least these Russians did their homework. :-)
  • You would think that a company as large as CISCO would have had a backup.

    I cant belive it was 'stolen' from them.

    Yes that was sarcasm. Just pisses me off how the world 'theft' is perversed when it comes to digital content.

    They COPIED it people. It wasnt STOLEN. ( yes, still illegal, but much different of a concept )
    • http://dictionary.reference.com/search?q=steal&r= 6 7
      steal ( P ) Pronunciation Key (stl)
      v.

      1. To take (the property of another) without right or permission.

      http://dictionary.reference.com/search?q=theft&r =6 7
      theft ( P ) Pronunciation Key (thft)
      n.

      1. The act or an instance of stealing; larceny.


      Just pisses me off how the world 'theft' is perversed when it comes to digital content.

      They COPIED it people. It wasnt STOLEN. ( yes, still illegal, but much different of a concept )
    • What was stolen from them was the hiddenness of their code, their ability to depend on its closed-source nature to avoid people looking at the code to create exploits, possibly the marketability of the routers, and their reputation for security. It's a linguistic convenience to state that the code was stolen rather than the byproducts of the code were stolen - or more accurately, annulled, since the theives don't have that either. Much as looking at a computer = looking at its monitor, or a person chewing =
  • by Anonymous Coward on Sunday May 16, 2004 @09:49AM (#9166860)
    As anyone who works for an ISP of any size and importance will tell you, Cisco routers don't do much when it comes to the big, hard-core routing that takes place at the NAPs or even at aggregation points. Their products have historically not been up to par for the high-end demands in these environments.

    If a Juniper bug comes out, then it's time to be concerned about pieces of the Internet falling off. But then this is mitigated because there are relatively few aggregation points that can be upgraded hopefully quickly.

    Sure, a large Cisco IOS bug will hit mom and pop and small to medium business, but the big boys just don't use Cisco.
  • by CodePyro ( 627236 ) on Sunday May 16, 2004 @10:24AM (#9167100)
    "I guess Cisco forgot to implement their own Self Defending Network solutions"

    No they did implement it. But when it found out that it was outnumbered by the hackers, the self-surrender module(also know as the french module) went into effect.
  • by corrosive_nf ( 744601 ) on Sunday May 16, 2004 @10:31AM (#9167141)
    Cisco had already announced a few weeks ago that version 13 of IOS was coming out and in June they were going to dump IOS fully for a totally new os for their routers that was going to be pluggable and more secure

    http://news.com.com/2100-1033_3-5210745.html
    • Cisco's new software should indeed be much more secure, being built on top of QNX rather than their home-grown kernel. This will significantly improve their memory protection and make the system much more robust.
      • QNX is a general purpose embedded OS. If I know my history right, what became Cisco started out as a project at Stanford - to build a purpose buit router hardware/software combo.... IOS has 20 years of developement to be a router OS. Its not something they hacked together over a weekend.
      • QNX is amazingly efficient at doing I/O, especially when handling high interrupt rates. In 1983 I developed an application on QNX that could handle 12 dialup users at 2400 baud on a 4 Mhz 8086 CPU. And that was with one-char-per-interrupt 8250 UART chips.
    • Thank god there aren't a bunch of old routers out there being used by people who think they are still secure.
  • IOS source code is no big deal. It's Cisco's hardware implementation and architecture that is the real interesting part. At least for the core router functionality. Some fringe aspects would be interesting to study, but it's not really that critical.

  • On a side note, everyone on IRC/Bittorrent seems to be excited about a new leak of the NT Source Code, this time only the Kernel. Found a screenshot here: http://members.tripod.com/WinAlOS/Screenshot/sourc e.jpg
    It's on SuprNova and TorrentReactor...
  • I'm working for my CCNA, and this crap keeps happening? hell we learn how to make sure events like this dont happen.

    the source code should have been on a server on a separate subnet than the rest of the network, or on its own private network that has no access to the internet..

    putting internet access to anything is a sure fire way of getting hacked at one point or the other. so if you have really sensitive data, NEVER put it on a network that's connected to the net.
    it's like having a screen door on a vaul
    • Hahaha, Cisco does a pretty good job of protecting the source code but there are so many people that need access to it and so many locations that have it that it's not entirely suprising that it leaked. There are literally tens of thousands of people with access to at least portions of the code base. Those people are at hundreds of locations around the globe. Hell I had root access to the local ClearCase server when I was a consultant at one of their offices. Remote access in was virtually non-existant, Cis
  • by MavEtJu ( 241979 ) <<gro.ujtevam> <ta> <todhsals>> on Sunday May 16, 2004 @07:24PM (#9169844) Homepage
    Did somebody grep for "Juniper coders are weenies?"
  • its the only solution to security of source. write-only code. aka, write-once, read never. or, more accurately, write-once, read-never, execute-only.

    with this approach there is NEVER a chance that your IP can be taken. it just can't.

    (this has nothing to do with c++. while its true that c++ is a KIND of write-only language, this isn't the one I was referring to).

  • I hope in a sick way, that the cisco code or its analysis is posted somewhere online. People can then compile it for x86 machines under Linux/BSD/someother crap to turn it into a high-performance cisco router.

    I know Linux has its own routing tools, but the IOS has more features and too many net admins are used to its syntax. zebra is a nice attempt at cloning IOS, which itself is far more advanced.

"Hello again, Peabody here..." -- Mister Peabody

Working...