This is good advice for newer machines but I've got a UBR 924 with 12.1T code on it - 'no service password-recover' isn't an option for me. Which config-register setting will do what I need? Seems like maybe 0x8102 would do it, but I'm in no mood to experiment across twenty miles, especially when I'm monitoring activity for law enforcement. This guy, he is a giant pain where I sit and has been since I started at the first of the year.
On Mon, Jul 13, 2009 at 4:31 PM, Matthew Huff <mh...@ox.com> wrote: > If you are running a newer IOS and newer ROMMON you can disable > password-recover (i.e. break during boot) using "no service > password-recovery". Make sure to read > http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.htmlcompletely, > you can brick a router otherwise. > > > > > ---- > Matthew Huff | One Manhattanville Rd > OTA Management LLC | Purchase, NY 10577 > http://www.ox.com | Phone: 914-460-4039 > aim: matthewbhuff | Fax: 914-460-4139 > > > > > -----Original Message----- > > From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- > > boun...@puck.nether.net] On Behalf Of neal rauhauser > > Sent: Monday, July 13, 2009 5:11 PM > > To: cisco-nsp@puck.nether.net > > Subject: [c-nsp] disable break on boot for IOS?? > > > > I have a situation with a former employee who still has legitimate > > physical access to a shared space where we have some Cisco equipment. > > Today > > one of our field guys located a UBR924 attached to our cable modem > > plant > > with the cutest little rogue Linux machine attached to its ethernet > > port. > > > > I had them recover the router's password as the first step and now > > I'm > > puzzling over this: > > > > http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note > > 09186a008022493f.shtml > > > > > > I recall that a machine can be set such that the break during boot > > will > > not permit password recovery, but it isn't clear to me how I do it. I'd > > really like to get this machine secured so I can dig in to what he is > > doing. > > I'd already isolated this cable plant because I knew intrusion was > > possible > > but I want to see what other mischief he uses our facilities for - a > > little > > spice for the already meaty intrusion case against him this spring. > > > > -- > > mailto:n...@layer3arts.com // > > GoogleTalk: nrauhau...@gmail.com > > IM: nealrauhauser > > _______________________________________________ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > -- mailto:n...@layer3arts.com // GoogleTalk: nrauhau...@gmail.com IM: nealrauhauser _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/