I have a situation with a former employee who still has legitimate physical access to a shared space where we have some Cisco equipment. Today one of our field guys located a UBR924 attached to our cable modem plant with the cutest little rogue Linux machine attached to its ethernet port.
I had them recover the router's password as the first step and now I'm puzzling over this: http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml I recall that a machine can be set such that the break during boot will not permit password recovery, but it isn't clear to me how I do it. I'd really like to get this machine secured so I can dig in to what he is doing. I'd already isolated this cable plant because I knew intrusion was possible but I want to see what other mischief he uses our facilities for - a little spice for the already meaty intrusion case against him this spring. -- mailto:n...@layer3arts.com // GoogleTalk: nrauhau...@gmail.com IM: nealrauhauser _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
