Correct me if I'm wrong -- if you input something like 'no service
password-recovery' doesn't it go into the running config, and then into
flash if you save the running config there?  So if you restart the router
with a cable in the console and send it a break, you'll boot into ROMMON and
it will never look at the config that's in flash, and you can have your way
with it.  Right?


----- Original Message -----
From: Chris McCoy <[EMAIL PROTECTED]>
To: John Kaberna <[EMAIL PROTECTED]>; beth shriver
<[EMAIL PROTECTED]>; David L. Blair <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 12, 2000 9:18 PM
Subject: Re: can you shutdown a console port?


> There's an undocumented command called 'no service password-recovery' which
> will keep people from breaking into routers.  Make sure you have a way in,
> otherwise!
>
> Chris M.
>
> ----- Original Message -----
> From: "John Kaberna" <[EMAIL PROTECTED]>
> To: "beth shriver" <[EMAIL PROTECTED]>; "David L. Blair"
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 12, 2000 2:43 PM
> Subject: Re: can you shutdown a console port?
>
>
> > The last statement was incorrect!!
> >
> > Console and aux ports DO NOT require a password.  VTYs do, however.  You
> > should set a complex password on your console and aux port.
> >
> > The other thing you can do is set up local authentication, which will
> > require a username and matching password.  This will make it even harder
> > to break.
> >
> > You can also weed out a few amateurs by changing your console speed to
> > something other than 9600.  When I tested mine I didn't even get ASCII
> > text, so there is no indication the speed is set wrong.  That may be
> > different with other terminal programs though (I'm using SecureCRT 3.1).
> >
> > You should be OK as long as you have physical security and good
> > passwords; you likely won't have any problems.
> >
> > John
> >
> > ----- Original Message -----
> > From: beth shriver <[EMAIL PROTECTED]>
> > To: David L. Blair <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Tuesday, September 12, 2000 12:52 PM
> > Subject: Re: can you shutdown a console port?
> >
> >
> > > If you use the password recovery technique and hit
> > > break during boot and go to ROMMON mode, would the
> > > router even know there is a password on the console?
> > > thanks
> > > Beth
> > > --- "David L. Blair" <[EMAIL PROTECTED]> wrote:
> > > > Require a password on the console port and do not
> > > > supply a password.  That will effectively deny all
> > > > access via the console port.
> > > >
> > > > -dlb
> > > >
> > > > ----- Original Message -----
> > > > From: "beth shriver" <[EMAIL PROTECTED]>
> > > > Newsgroups: groupstudy.cisco
> > > > Sent: Tuesday, September 12, 2000 8:43 AM
> > > > Subject: can you shutdown a console port?
> > > >
> > > >
> > > > > Is there any way to keep someone from plugging in a
> > > > > console port and using password recovery procedure to
> > > > > get into a router? For instance, if you have a router
> > > > > at a remote site and someone decides they want to
> > > > > alter your config etc., what could stop them? (besides
> > > > > a huge padlock?)
> > > > >
> > > > >
> > > > > __________________________________________________
> > > > > Do You Yahoo!?
> > > > > Yahoo! Mail - Free email you can access from anywhere!
> > > > > http://mail.yahoo.com/
> > > > >
> > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > > > > http://www.groupstudy.com/list/Associates.html
> > > > > _________________________________
> > > > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > > >
> > >
> > >
> >
>
>
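
An added example, not part of the original thread: a small Python audit that checks a saved IOS configuration for the console settings the posters discuss (a password actually enforced on the console and aux lines, a non-default console speed, and `no service password-recovery`). The sample configuration, its hostname, username and password strings are constructed placeholders.

```python
# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname remote-site-rtr
no service password-recovery
username netadmin password 7 0000000000
!
line con 0
 login local
 speed 115200
line aux 0
 password 7 0000000000
line vty 0 4
 password 7 0000000000
 login
"""

def parse_lines(config):
    """Split a config into global commands and per-line-type subcommands."""
    global_cmds, stanzas, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.split()[1], [])  # con / aux / vty
        elif raw[0].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, stanzas

def audit(config):
    """Return findings for the console hardening steps named in the thread."""
    global_cmds, stanzas = parse_lines(config)
    have_users = any(c.startswith("username ") for c in global_cmds)
    findings = []
    for port in ("con", "aux"):
        cmds = stanzas.get(port, [])
        local = "login local" in cmds and have_users
        # On con/aux a line password is only asked for when 'login' is set.
        line_pw = "login" in cmds and any(c.startswith("password ") for c in cmds)
        if not (local or line_pw):
            findings.append(f"{port}: no password is enforced at login")
    speed = next((c.split()[1] for c in stanzas.get("con", [])
                  if c.startswith("speed ")), "9600")
    if speed == "9600":
        findings.append("con: speed is the default 9600")
    if "no service password-recovery" not in global_cmds:
        findings.append("global: 'no service password-recovery' is not set")
    return findings
```

In the sample, the aux line carries a password but no `login`, so `audit(SAMPLE_CONFIG)` reports it as unprotected.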
