[c-nsp] disable break on boot for IOS??

Ivan Pepelnjak ip at ioshints.info
Tue Jul 14 01:43:08 EDT 2009


Just make sure you test the feature (for each ROMMON release you're using)
with a known enable password first. It's somewhat impossible to break into
some ROMMON versions.

http://blog.ioshints.info/2007/12/recovering-from-disabled-password.html

Ivan
 
http://www.ioshints.info/about
http://blog.ioshints.info/

> -----Original Message-----
> From: Matthew Huff [mailto:mhuff at ox.com] 
> Sent: Monday, July 13, 2009 11:31 PM
> To: 'neal rauhauser'; 'cisco-nsp at puck.nether.net'
> Subject: Re: [c-nsp] disable break on boot for IOS??
> 
> If you are running a newer IOS and newer ROMMON you can disable password
> recovery (i.e. break during boot) using "no service password-recovery".
> Make sure to read
> http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html
> completely, you can brick a router otherwise.
> 
> 
> 
> 
> ----
> Matthew Huff       | One Manhattanville Rd
> OTA Management LLC | Purchase, NY 10577
> http://www.ox.com  | Phone: 914-460-4039
> aim: matthewbhuff  | Fax:   914-460-4139
> 
> 
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of neal rauhauser
> > Sent: Monday, July 13, 2009 5:11 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] disable break on boot for IOS??
> >
> >    I have a situation with a former employee who still has legitimate
> > physical access to a shared space where we have some Cisco equipment.
> > Today one of our field guys located a UBR924 attached to our cable modem
> > plant with the cutest little rogue Linux machine attached to its
> > ethernet port.
> >
> >    I had them recover the router's password as the first step and now
> > I'm puzzling over this:
> >
> > http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
> >
> >
> >    I recall that a machine can be set such that the break during boot
> > will not permit password recovery, but it isn't clear to me how I do
> > it. I'd really like to get this machine secured so I can dig in to
> > what he is doing.
> > I'd already isolated this cable plant because I knew intrusion was
> > possible but I want to see what other mischief he uses our facilities
> > for - a little spice for the already meaty intrusion case against him
> > this spring.
> >
> > --
> > mailto:Neal at layer3arts.com //
> > GoogleTalk: nrauhauser at gmail.com
> > IM: nealrauhauser