If I may, I believe that you have two options here.
The fact is that you've already 'caught' the person
from the sounds of your message. One would then assume
that you desire a prevention method for future
'attacks.' Since this person has physical access to
the router, you may only be left with a lock on the
closet or management taking drastic action. Either
approach may help, but I doubt either would be
completely successful. The fact that this person
intentionally bounced a 7000 series router - at least
in my shops - would be enough for termination.
However, there is an alternative. Approach this chap
with or without management, and propose that you
mentor them (as it appears thay have an interesting in
learning this stuff). Make clear that power downs of
the router would not normally result in a password
change, so there is a clear signal that a normal power
outage would not be a viable excuse. See about giving
him a user account (non-enable) or sending him show
tech outputs to decypher - the passwords are masked.
With T+ you could even give him limited enable rights.
While I never powered down a router to hack it in my
career, I did make a pain of myself to get access to
the closets and shadow the networking guys. I'd much
rather have that kind of person as an ally than a
threat. ;)
--- [EMAIL PROTECTED] wrote:
> Greetings,
>
> I've a 7000 router in a remote location and it seems
>
> the local admin hacking in by using the power outage
>
> excuse. He changes the password by rebooting the
> router and peeks around. I'm trying to catch him in
>
> the act or log his activities, any ideas?????
>
> Thanks,
>
> Nabil
>
> ___________________________________
> UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
Robert Padjen
__________________________________________________
Do You Yahoo!?
Send instant messages with Yahoo! Messenger.
http://im.yahoo.com/
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
