Security Basics mailing list archives

RE: Locking Cisco Router
From: "Erick B." <erickbe () yahoo com>
Date: Tue, 19 Nov 2002 19:58:46 -0800 (PST)

From my understanding, it is still possible to get in even with no pw recovery set. I have a capture here showing it being done - the whole process. Haven't tried this myself yet though.


--- "Dozal, Tim" <tdozal () cisco com> wrote:
If you have local console access to the router and physical access to reboot the router (both needed for a PW recovery I believe) to get into rommon mode then the router is already pretty compromised. During a PW recovery the previous programming is overwritten by your new setup so what would be gained by permanently locking a router other than making more sales for Cisco (which I won't complain about) after a router pw is lost and you now need to buy a new piece of

I may be missing the real question here because I just don't see why you would want to make a piece of hardware permanently unusable if a PW is


(btw, these are my comments and may not be shared by my company nor were they influenced by actual company information on this subject... Just my 2 cents on the question)

-----Original Message-----
From: Rok Pintar [mailto:rokp () news reproms si] 
Sent: Saturday, November 16, 2002 2:22 AM
To: security-basics () securityfocus com
Subject: Re: Locking Cisco Router

Is it possible to lock a Cisco router to a point that even a password recovery can't work to enter the router?

Well, there are supposed to be new 2600/3600 ROMMON images that allow you to disable password recovery. If you have it, you can do something like "no service password-recovery".

