Home page logo
/

basics logo Security Basics mailing list archives

RE: Locking Cisco Router
From: "Erick B." <erickbe () yahoo com>
Date: Tue, 19 Nov 2002 19:58:46 -0800 (PST)

From my understanding, it is still possible to get in
even with no pw recovery set. I have a capture here
showing it being done - the whole process. Haven't
tried this myself yet though.

Erick

--- "Dozal, Tim" <tdozal () cisco com> wrote:
If you have local console access to the router and
physical access to
reboot the router (both needed for a PW recovery I
believe) to get into
rommon mode then the router is already pretty
compromised.  During a PW
recovery the previous programming is overwritten by
your new setup so
what would be gained by permanently locking a router
other than making
more sales for Cisco (which I won't complain about)
after a router pw is
lost and you now need to buy a new piece of
hardware.

I may be missing the real question here because I
just don't see why you
would want to make a piece of hardware permanently
unusable if a PW is
lost.


-Tim

(btw, these are my comments and may not be shared by
my company nor were
they influenced by actual company information on
this subject... Just my
2cents on the question)


-----Original Message-----
From: Rok Pintar [mailto:rokp () news reproms si] 
Sent: Saturday, November 16, 2002 2:22 AM
To: security-basics () securityfocus com
Subject: Re: Locking Cisco Router


is it possible to lock a cisco router to a point
that even a password 
recovery cant work to enter the router.

Well, there are supposed to be new 2600/3600 ROMMON
images that allow
you to disable password recovery. If you have it,
you can do something
like "no service password-recovery". 
ROK


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]