Security Basics mailing list archives

RE: Locking Cisco Router
From: "Dozal, Tim" <tdozal () cisco com>
Date: Mon, 18 Nov 2002 13:56:51 -0800

If you have local console access to the router and physical access to
reboot the router (both needed for a PW recovery I believe) to get into
rommon mode then the router is already pretty compromised.  During a PW
recovery the previous programming is overwritten by your new setup so
what would be gained by permanently locking a router other than making
more sales for Cisco (which I won't complain about) after a router pw is
lost and you now need to buy a new piece of hardware.

I may be missing the real question here because I just don't see why you
would want to make a piece of hardware permanently unusable if a PW is


(btw, these are my comments and may not be shared by my company nor were
they influenced by actual company information on this subject... Just my
2cents on the question)

-----Original Message-----
From: Rok Pintar [mailto:rokp () news reproms si] 
Sent: Saturday, November 16, 2002 2:22 AM
To: security-basics () securityfocus com
Subject: Re: Locking Cisco Router

Is it possible to lock a Cisco router to a point that even a password
recovery can't work to enter the router?

Well, there are supposed to be new 2600/3600 ROMMON images that allow
you to disable password recovery. If you have it, you can do something
like "no service password-recovery". 
