[c-nsp] disable break on boot for IOS??

neal rauhauser nrauhauser at gmail.com
Mon Jul 13 21:26:49 EDT 2009


   This is good advice for newer machines but I've got a UBR 924 with 12.1T
code on it - 'no service password-recover' isn't an option for me. Which
config-register setting will do what I need? Seems like maybe 0x8102 would
do it, but I'm in no mood to experiment across twenty miles, especially when
I'm monitoring activity for law enforcement. This guy, he is a giant pain
where I sit and has been since I started at the first of the year.


On Mon, Jul 13, 2009 at 4:31 PM, Matthew Huff <mhuff at ox.com> wrote:

> If you are running a newer IOS and newer ROMMON you can disable
> password-recover (i.e. break during boot) using "no service
> password-recovery". Make sure to read
> http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html completely, you can brick a router otherwise.
>
>
>
>
> ----
> Matthew Huff       | One Manhattanville Rd
> OTA Management LLC | Purchase, NY 10577
> http://www.ox.com  | Phone: 914-460-4039
> aim: matthewbhuff  | Fax:   914-460-4139
>
>
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of neal rauhauser
> > Sent: Monday, July 13, 2009 5:11 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] disable break on boot for IOS??
> >
> >    I have a situation with a former employee who still has legitimate
> > physical access to a shared space where we have some Cisco equipment. Today
> > one of our field guys located a UBR924 attached to our cable modem plant
> > with the cutest little rogue Linux machine attached to its ethernet port.
> >
> >    I had them recover the router's password as the first step and now I'm
> > puzzling over this:
> >
> > http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
> >
> >
> >    I recall that a machine can be set such that the break during boot will
> > not permit password recovery, but it isn't clear to me how I do it. I'd
> > really like to get this machine secured so I can dig in to what he is doing.
> > I'd already isolated this cable plant because I knew intrusion was possible
> > but I want to see what other mischief he uses our facilities for - a little
> > spice for the already meaty intrusion case against him this spring.
> >
> > --
> > mailto:Neal at layer3arts.com //
> > GoogleTalk: nrauhauser at gmail.com
> > IM: nealrauhauser
>



-- 
mailto:Neal at layer3arts.com //
GoogleTalk: nrauhauser at gmail.com
IM: nealrauhauser

