RE: Locking Cisco Router

["Erick B." <erickbe () yahoo com>]

> From my understanding, it is still possible to get in
even with no pw recovery set. I have a capture here
showing it being done - the whole process. Haven't
tried this myself yet though.

Erick

--- "Dozal, Tim" <tdozal () cisco com> wrote:
> If you have local console access to the router and
> physical access to
> reboot the router (both needed for a PW recovery I
> believe) to get into
> rommon mode then the router is already pretty
> compromised.  During a PW
> recovery the previous programming is overwritten by
> your new setup so
> what would be gained by permanently locking a router
> other than making
> more sales for Cisco (which I won't complain about)
> after a router pw is
> lost and you now need to buy a new piece of
> hardware.
>
> I may be missing the real question here because I
> just don't see why you
> would want to make a piece of hardware permanently
> unusable if a PW is
> lost.
>
>
> -Tim
>
> (btw, these are my comments and may not be shared by
> my company nor were
> they influenced by actual company information on
> this subject... Just my
> 2cents on the question)
>
>
> -----Original Message-----
> From: Rok Pintar [mailto:rokp () news reproms si] 
> Sent: Saturday, November 16, 2002 2:22 AM
> To: security-basics () securityfocus com
> Subject: Re: Locking Cisco Router
>
>
> > is it possible to lock a cisco router to a point
> that even a password 
> > recovery cant work to enter the router.
>
> Well, there are supposed to be new 2600/3600 ROMMON
> images that allow
> you to disable password recovery. If you have it,
> you can do something
> like "no service password-recovery". 
> ROK


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com