If you are running a newer IOS and newer ROMMON, you can disable password recovery (i.e. break during boot) using "no service password-recovery". Make sure to read http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html completely; you can brick a router otherwise.

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of neal rauhauser
> Sent: Monday, July 13, 2009 5:11 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] disable break on boot for IOS??
>
> I have a situation with a former employee who still has legitimate
> physical access to a shared space where we have some Cisco equipment.
> Today one of our field guys located a UBR924 attached to our cable
> modem plant with the cutest little rogue Linux machine attached to its
> ethernet port.
>
> I had them recover the router's password as the first step and now I'm
> puzzling over this:
>
> http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
>
> I recall that a machine can be set such that the break during boot will
> not permit password recovery, but it isn't clear to me how I do it. I'd
> really like to get this machine secured so I can dig in to what he is
> doing. I'd already isolated this cable plant because I knew intrusion
> was possible but I want to see what other mischief he uses our
> facilities for - a little spice for the already meaty intrusion case
> against him this spring.
>
> --
> mailto:n...@layer3arts.com //
> GoogleTalk: nrauhau...@gmail.com
> IM: nealrauhauser
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/