Okay, is anyone trying this? Looking at it? You break boot. You o/r 0x42, you i, system boots to the stored config ignoring passwords, then disables the console or aux port you are on, making it very difficult to change a password, or delete it from the config.

You CAN put a completely new one in. But you won't be bypassing the password on the old one. Or changing it. Or modifying the ACL or config on it. But the fellow with the diag-cutters disconnecting the console port physically has a point.

-----Original Message-----
From: Douglas Gullett [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 9:38 PM
To: DocValde; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Cisco Password Recovery

Also from the Cisco Website under Troubleshooting:

"Break (system interrupt) is always enabled for 60 seconds after rebooting the system, even if break is configured to be off by setting the configuration register. During the 60-second window, you can break to the bootstrap mode prompt."

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000qs/22820.htm

Douglas Gullett, CCNA, CCDA, CCNP

-----Original Message-----
From: DocValde [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 2:10 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re[2]: Cisco Password Recovery

>> -----Original Message-----
>> From: Shafagh Zandi [mailto:[EMAIL PROTECTED]]
>> Sent: Saturday, March 30, 2002 8:10 AM
>> To: [EMAIL PROTECTED]
>> Subject: Cisco Password Recovery
>>
>> Hi, Everybody
>>
>> How can I disable password recovery?
>>
>> Shafagh Zandi.

Hi there,

I was not able to follow every posting in this thread, so excuse me if it was already mentioned...

jon schatz <[EMAIL PROTECTED]> wrote:
> but anyone with physical
> (serial cable) access to a cisco product can force the device to reboot
> and ignore the saved configuration. You can then do a "conf t" and
> create a new config, save it, and reboot.

Rob Hughes <[EMAIL PROTECTED]> wrote:
> If you have physical access to the routers, you can't prevent password
> recovery as Cisco built it into the ROM.

This is true, of course, for default Cisco routers, but you can disable the break possibility during system boot, as you can see here:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000qs/22812.htm

But remember all the things said in this thread before! If you do this, and an error occurs during your configuration or you lose the passwords, you are definitely locked out!

Rob Hughes <[EMAIL PROTECTED]> wrote:
> Also, anyone who can view the
> encrypted password can use a utility that will recover the encrypted
> password from the config or from sho run, etc.

That is true for almost every password in your Cisco router config, but as I was told today at work by our CCIE, this is not valid for the "enable secret", which cannot be cracked with the common tools. But I didn't test this, so he and I may be wrong...

Any comments?

Regards,
Doc.

--
DocValde
web: http://www.DocValde.net
eMail: [EMAIL PROTECTED]
