[c-nsp] disable console port

Ed Ravin eravin at panix.com
Fri Jul 1 12:28:13 EDT 2005


On Fri, Jul 01, 2005 at 06:02:57PM +0200, Gert Doering wrote:
> On Fri, Jul 01, 2005 at 11:53:24AM -0400, Ed Ravin wrote:
> > Or grabbing the flash card with the config on it and analyzing it elsewhere.
> 
> Interesting approach, given the fact that the removable flash cards
> usually don't hold any config data (just IOS images).
> 
> It *can* be saved there, but default is "soldered-in NVRAM".

Eeek, brain fart on my part.  I started out writing "an attacker
could open your router and remove the flash chip and analyze its
contents elsewhere to get your keys", and then it occurred to me
that you might not even notice a flash CARD being yanked, then
got card and chip mixed up.

As for "soldered-in NVRAM", that's not always the case - I upgraded
the flash chip in a 1700-series router a while ago, it just popped
out of the socket.


More information about the cisco-nsp mailing list