[c-nsp] disable break on boot for IOS??

Matthew Huff mhuff at ox.com
Mon Jul 13 17:31:10 EDT 2009


If you are running a newer IOS and newer ROMMON, you can disable password recovery (i.e. break during boot) using "no service password-recovery". Make sure to read http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html completely; you can brick a router otherwise.




----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of neal rauhauser
> Sent: Monday, July 13, 2009 5:11 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] disable break on boot for IOS??
>
>    I have a situation with a former employee who still has legitimate
> physical access to a shared space where we have some Cisco equipment.
> Today one of our field guys located a UBR924 attached to our cable
> modem plant with the cutest little rogue Linux machine attached to its
> ethernet port.
>
>    I had them recover the router's password as the first step and now
> I'm puzzling over this:
>
> http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
>
>
>    I recall that a machine can be set such that the break during boot
> will not permit password recovery, but it isn't clear to me how I do
> it. I'd really like to get this machine secured so I can dig in to what
> he is doing. I'd already isolated this cable plant because I knew
> intrusion was possible but I want to see what other mischief he uses
> our facilities for - a little spice for the already meaty intrusion
> case against him this spring.
>
> --
> mailto:Neal at layer3arts.com //
> GoogleTalk: nrauhauser at gmail.com
> IM: nealrauhauser
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

