Maybe I should have read the entire thread first...
In answer to the question, "Is there any way to keep someone from plugging in
a console port and using password recovery procedure to get into a router?"
the answer is an unequivocal yes. How can that be, seeing as when you hit
the break at boot you get the rommon prompt? Easy -- put the router in a
lockable rack case, in a locked room.
As the thief who took my cell phone and $3 sunglasses from my car this
weekend proved, if you want something bad enough, no matter how worthless it
is, there is always a way to get it (And no, that was not a typo, someone
stole my $3 sunglasses -- may they rot for it too!).
K
-----
Kristopher B. Climie, CCNP, CCDP
> From: [EMAIL PROTECTED] ("Kristopher B. Climie")
> Organization: GroupStudy.com Discussion Groups
> Newsgroups: groupstudy.cisco
> Date: 12 Sep 2000 19:40:16 -0400
> Subject: Re: can you shutdown a console port?
>
> Don't forget about TACACS+ and Radius...
> K
>
> -----
> Kristopher B. Climie, CCNP, CCDP
>
>> From: [EMAIL PROTECTED] ("John Kaberna")
>> Organization: GroupStudy.com Discussion Groups
>> Newsgroups: groupstudy.cisco
>> Date: 12 Sep 2000 17:48:38 -0400
>> Subject: Re: can you shutdown a console port?
>>
>> The last statement was incorrect!!
>>
>> Console and aux ports DO NOT require a password. VTY's do however. You
>> should set a complex password on your console and aux port.
>>
>> The other thing you can do is set up local authentication which will require
>> a username and matching password. This will make it even harder to break.
>>
>> You can also weed out a few amateurs by changing your console speed to
>> something other than 9600. When I tested mine I didn't even get ascii text
>> so there is no indication the speed is set wrong. That may be different
>> with other terminal programs though (I'm using SecureCRT 3.1).
>>
>> You should be ok as long as you have physical security and good passwords;
>> you likely won't have any problems.
>>
>> John
>>
>> ----- Original Message -----
>> From: beth shriver <[EMAIL PROTECTED]>
>> To: David L. Blair <[EMAIL PROTECTED]>
>> Cc: <[EMAIL PROTECTED]>
>> Sent: Tuesday, September 12, 2000 12:52 PM
>> Subject: Re: can you shutdown a console port?
>>
>>
>>> if you use the password recovery technique and hit
>>> break during boot and go to rommon mode.. would the
>>> router even know there is a password on the console?
>>> thanks
>>> Beth
>>> --- "David L. Blair" <[EMAIL PROTECTED]> wrote:
>>>> require a password on the console port and do not
>>>> supply a password. That
>>>> will effectively deny all access via the console
>>>> port.
>>>>
>>>> -dlb
>>>>
>>>> ----- Original Message -----
>>>> From: "beth shriver" <[EMAIL PROTECTED]>
>>>> Newsgroups: groupstudy.cisco
>>>> Sent: Tuesday, September 12, 2000 8:43 AM
>>>> Subject: can you shutdown a console port?
>>>>
>>>>
>>>>> Is there any way to keep someone from plugging in a
>>>>> console port and using password recovery procedure to
>>>>> get into a router? for instance if you have a router
>>>>> at a remote site and someone decides they want to
>>>>> alter your config etc. what could stop them? (besides
>>>>> a huge padlock ?)
>>>>>
>>>>>
>>>>> __________________________________________________
>>>>> Do You Yahoo!?
>>>>> Yahoo! Mail - Free email you can access from
>>>> anywhere!
>>>>> http://mail.yahoo.com/
>>>>>
>>>>> **NOTE: New CCNA/CCDA List has been formed. For
>>>> more information go to
>>>>> http://www.groupstudy.com/list/Associates.html
>>>>> _________________________________
>>>>> UPDATED Posting Guidelines:
>>>> http://www.groupstudy.com/list/guide.html
>>>>> FAQ, list archives, and subscription info:
>>>> http://www.groupstudy.com
>>>>> Report misconduct and Nondisclosure violations to
>>>> [EMAIL PROTECTED]
>>>>>
>>>
>>>
>>
>>
>
>
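An added example, not part of the original thread: a small audit that reads an IOS-style running-config and reports how each console and aux line authenticates, covering the options raised in the replies (line password, local username, AAA method list). The sample config, function names and classification labels are constructed for illustration; the check reads line stanzas only and does not evaluate global AAA defaults or what a TACACS+/RADIUS method list resolves to.

```python
import re

# Constructed sample running-config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
hostname branch-rtr
!
username netadmin secret 5 $1$constructed$hash
!
line con 0
 speed 19200
 login local
line aux 0
line vty 0 4
 password 7 0000constructed
 login
!
end
"""

def parse_lines(config):
    """Return {line header: [sub-commands]} for every 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any unindented command ends the stanza
    return stanzas

def audit_line(cmds):
    """Classify a line's authentication from its own sub-commands only."""
    has_password = any(c.startswith("password ") for c in cmds)
    if "login local" in cmds:
        return "local-username"
    if any(c.startswith("login authentication ") for c in cmds):
        return "aaa-method-list"
    if "login" in cmds and has_password:
        return "line-password"
    if "login" in cmds:
        return "login-without-password"
    return "no-login-configured"

def audit(config):
    """Map each con/aux line to its classification; vty lines are skipped."""
    return {hdr: audit_line(cmds) for hdr, cmds in parse_lines(config).items()
            if re.match(r"line (con|aux) ", hdr)}
```

Any line reported as `no-login-configured` or `login-without-password` is one to review by hand against the device's actual behaviour.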