Is there any cyber nerd here who can explain why the routers are critical when they have had the better part of a year to potentially adulterate them? I’m not well versed in their inner workings so hopefully they are not likely to be tampered with.
The routers can reveal how the network in that building was configured. They can also keep a history of commands and changes that were done on the physical router.
It would show if there were VLANs or firewalls that were properly or improperly set up to prevent or allow network traffic from coming in or going out from specific internal subnetworks that all the election stuff was allegedly connected to. I think they know the election stuff was connected to the LAN, they just need proof that stuff on that LAN could potentially access the outside world.
However, log-wise the physical routers alone probably would not have any usable logs as too much time has elapsed - routers don't tend to be set up to store logs (they don't have massive storage space). Logs are usually set up to go to a syslog server and I am unsure if that was also in the scope of the subpoena.
The other stuff they had asked for in the subpoena like Splunk logs etc. I can't speak on.
So the router does store some logs? Let’s say that the router was designated specifically for election cycles it should still have that information unless it was overwritten? I would hope they don’t use the router to watch YouTube after an election. I assume it falls under some umbrella as sensitive material.
Yep, routers can store logs. There are many types of logs and log levels. One type of log is the command log. If anyone is familiar with a command line it is the same concept (you can press the up arrow to call back issued commands).
In more advanced routers a command can be issued to see that command buffer. That buffer itself usually has a default number of "history" and in some cases can be configured to "remember" more or less commands. I know with Cisco routers there are a few ways to clear/purge/delete/reset the command history.
Network traffic logs, over time, take up a considerable amount of space - obviously the more traffic there is the more logs are generated. Routers don't typically have a large storage space for logs (they certainly can store network traffic logs if configured to do so). Also having one router handle all logging is bad practice as it is a single point of failure. It is better to configure the router to send all logs to a log server that can easily be mirrored/replicated and backed up on a regular basis.
I doubt that the router was specifically deployed for the election. The router(s) in question I believe are for the local county government. So it is just part of the normal local government network that runs all the day to day things county wide. From the tax assessor to the sheriff etc.
When the election happened, allegedly election equipment was connected to the LAN (Local Area Network) of whatever building they held the election equipment in. That LAN would have been connected to the county wide network and could potentially have access to the outside world. Once they have someone look at the router(s), they would be able to see how they were configured and be able to determine if network traffic would have been able to flow from election equipment to the outside world. (If there was mobile data involved that is a whole 'nother can of worms.)
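The post above lists what an examiner would pull from a seized router: which VLAN the equipment sat on, whether an access list on that VLAN interface could have let traffic out, how big the local log buffer is, where syslog is forwarded, and how many CLI commands the history buffer keeps. Below is an added example (not code from the thread or from any real county network) that parses a small constructed Cisco-IOS-style running config and answers those questions. Every hostname, address, VLAN number and ACL name in it is made up for illustration, and it only handles the `ip` protocol keyword and the `any` / `host A` / `A WILDCARD` address forms; real configs have many more options.

```python
"""Extract the examiner-relevant facts from a Cisco-IOS-style running config:
per-VLAN inbound ACL, first-match ACL evaluation against a probe destination,
local log buffer size, remote syslog hosts and CLI history depth.
Constructed example config; nothing here is a real device."""
import ipaddress

# Constructed sample config (hypothetical names and addresses).
SAMPLE_CONFIG = """\
hostname county-rtr-01
!
logging buffered 4096
logging host 10.1.50.20
!
line vty 0 4
 history size 256
!
interface Vlan120
 description Election equipment
 ip address 10.1.120.1 255.255.255.0
 ip access-group ELECTION-OUT in
!
interface Vlan10
 description Tax assessor
 ip address 10.1.10.1 255.255.255.0
!
ip access-list extended ELECTION-OUT
 permit ip 10.1.120.0 0.0.0.255 10.1.0.0 0.0.255.255
 deny ip any any
"""


def _acl_addr(tokens):
    """Consume one ACL address spec ('any', 'host A' or 'A WILDCARD');
    return ((network_int, wildcard_int), remaining_tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (net, wild), tokens[2:]


def parse_config(text):
    cfg = {"interfaces": {}, "acls": {},
           "logging": {"buffered": None, "hosts": []}, "history_size": None}
    section = None  # ("interface", name) | ("acl", name) | ("line", name) | None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        t = line.split()
        if not line.startswith(" "):          # top-level statement
            section = None
            if t[0] == "interface":
                section = ("interface", t[1])
                cfg["interfaces"][t[1]] = {"description": "", "ip": None, "acl_in": None}
            elif t[:3] == ["ip", "access-list", "extended"]:
                section = ("acl", t[3])
                cfg["acls"][t[3]] = []
            elif t[:2] == ["logging", "buffered"]:
                cfg["logging"]["buffered"] = int(t[2])   # buffer size in bytes
            elif t[:2] == ["logging", "host"]:
                cfg["logging"]["hosts"].append(t[2])     # remote syslog collector
            elif t[0] == "line":
                section = ("line", t[1])
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "interface":
            iface = cfg["interfaces"][name]
            if t[0] == "description":
                iface["description"] = " ".join(t[1:])
            elif t[:2] == ["ip", "address"]:
                iface["ip"] = t[2]
            elif t[:2] == ["ip", "access-group"] and t[3] == "in":
                iface["acl_in"] = t[2]
        elif kind == "acl":
            src, rest = _acl_addr(t[2:])
            dst, _ = _acl_addr(rest)
            cfg["acls"][name].append((t[0], t[1], src, dst))  # (action, proto, src, dst)
        elif kind == "line" and t[:2] == ["history", "size"]:
            cfg["history_size"] = int(t[2])
    return cfg


def _matches(addr, spec):
    """Cisco wildcard match: bits set in the wildcard are don't-care bits."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)


def acl_permits(cfg, acl_name, src_ip, dst_ip):
    """First matching entry decides; an ACL ends in an implicit deny."""
    src, dst = int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))
    for action, proto, s, d in cfg["acls"].get(acl_name, []):
        if proto == "ip" and _matches(src, s) and _matches(dst, d):
            return action == "permit"
    return False


def can_reach(cfg, iface_name, src_ip, dst_ip):
    """Could a host on this VLAN send a packet to dst_ip through the router?
    An interface with no inbound ACL filters nothing, so everything passes."""
    acl = cfg["interfaces"][iface_name]["acl_in"]
    return True if acl is None else acl_permits(cfg, acl, src_ip, dst_ip)


def logging_summary(cfg):
    return {"local_buffer_bytes": cfg["logging"]["buffered"],
            "remote_syslog_hosts": list(cfg["logging"]["hosts"]),
            "cli_history_lines": cfg["history_size"]}


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    outside = "203.0.113.5"   # constructed "internet" destination (TEST-NET-3)
    for name, probe in (("Vlan120", "10.1.120.10"), ("Vlan10", "10.1.10.10")):
        print(name, cfg["interfaces"][name]["description"],
              "-> outside:", can_reach(cfg, name, probe, outside))
    print(logging_summary(cfg))
```

In the constructed config the election VLAN can talk to the rest of the 10.1.0.0/16 county network but not to an outside address, while the tax assessor VLAN has no ACL at all and so is unfiltered at this hop. The logging summary is the part that bears on the "too much time has elapsed" point: a 4096-byte local buffer holds minutes of messages at most, so the only place older events could survive is the `logging host` collector, which is a separate box that the subpoena would have to name.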
Interesting, thanks for the run down. Would the configurations for the router be able to be changed without a previous footprint?