Subnets began dropping off the MortgageIT network one after another. Entire bank branches went offline for days as Joe Bruner, network engineering manager there at the time, scrambled to purchase and install replacement parts.

At first, he figured some of the new WAN interface cards (WIC) he recently installed to upgrade 50 Cisco 2811 routers during expansion and reorganization were faulty. But as more routers failed and dropped off the network, Bruner realized he was dealing with fakes.

Thirty cards turned out to be counterfeit, he says. Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved.

Nor did he get an answer to the most important question: How did a registered Cisco reseller (also a platinum Network Appliance) partner and gold partner to Microsoft and Symantec acquire the counterfeit WICs in the first place?

What he didn't know was that phony network equipment had been quietly creeping into sales and distribution channels since early 2004, when manufacturers began seeing more returns, faster mean-time between failures and higher failure rates, says Nick Tidd, vice president of North American channels for 3Com and president of the Alliance for Gray Market and Counterfeit Abatement (AGMA).

Counterfeit gear has become a big problem that could put networks - and health and safety - at risk. "Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere," says Sharon Mills, director of IT procurement organization Caucus.

Because clones and packaging are getting more realistic, many people don't realize they have counterfeit network equipment until it's installed and begins acting quirky. Outages and failures are often the tip-off that the gear is fake.

• Don't shop on eBay for deeply discounted gear, particularly from sellers in China.

• Don't go outside your trusted channel to buy critical network components.

• If you're in the market for refurbished gear, the safest bet is to purchase certified products through the manufacturer.

• Check serial numbers against the vendor database.

• Check the packaging carefully, inspecting for anything out of the ordinary in the logo, size and type of packaging materials by comparing them with others in the same shipment.

• Closely examine the gear and compare holograms and chip sets.

There are no statistics specific to network hardware counterfeit rates. But according to a white paper by AGMA and consulting company KPMG, counterfeit products account for nearly 10 percent of the overall IT products market.

"That's $100 billion in fake memory sticks, drives, monitors, networking gear and other IT products floating around out there in black and gray market channels. This has huge implications for the enterprise," says Tidd, who became involved in his first counterfeit case in 2001. That case led him to a Canadian reseller who also was under investigation by HP. Out of that case, 3Com and HP, along with Cisco and Nortel, founded AGMA.

Vendors and resellers started seeing counterfeit in the gray-market channel where used and refurbished products are sold, says Phillip Wright, director of worldwide brand protection for Cisco, which is the most counterfeited brand. That's when the supply of out-of-box secondhand equipment from the dot-com fallout dried up.

"Users got a taste for new used equipment at bargain prices. So counterfeiters moved in to meet the demand," Wright says. "It didn't help that some resellers turned a blind eye to possible counterfeit so they could keep their own revenue streams going."