Yesterday, I was talking with Bob MacMillan about the new information from the San Francisco DA's office. He wrote a piece based on some of this information. One of the key elements of his story is the new claim by the prosecution that Childs has a "terminal server" on the network that they discovered a few weeks ago. They claim that although they've detected its presence, they cannot physically locate it. They do believe it is located at the 1011 Turk St. location, however. They support this claim with a Windows cmd window screenshot that shows the results of a telnet session to what appears to be a device running Cisco IOS. They do not state whether the device was discovered from within the network or from the outside.
I've been trying to figure out the set of circumstances that would prevent anyone who had access to the network devices from physically locating this device. I'm not having too much luck. If you can telnet to it, you can easily locate the switch and port that it is connected to. From there, it should be pretty straightforward to physically find the device, especially since it appears to be a Cisco router or switch and not a PC. But even though the DA's office presented this as evidence that Childs could still gain access to the network through this device, and they specifically call it a terminal server and specifically state that Childs could gain remote access in this way, they have no idea what it actually is. From what I can see, it's a device running Cisco IOS that was accessed via telnet. I could generate an identical screenshot to the one entered into evidence in about five minutes using an elderly Cisco 2924-XL Ethernet switch -- a device that's certainly not a terminal server. It's completely unclear to me how they could have possibly come to the conclusion that this is a "terminal server" -- the evidence presented to the court certainly does not support that theory.
[ Follow the Terry Childs saga with InfoWorld's special report: Terry Childs: Admin gone rogue. ]