Re: Would like to know

a-hamza · ‎10-24-2001

Some one post this question on the board I am reposting it here so we can get some thoughts from very experinced guys like you,here we go:

"I have a question for you guys. I have been giving some thought about the configuration register and password recovery. It sure sounds to me that it is an easy thing to do to change your secret password if you forget it. Which means ultimately, is there any real security? Maybe Im misunderstanding, but it seems to me that if I had a malicious user within the company I work for, and they actually have PHYSICAL access to the server room (where the router would be), AND IF THEY KNEW HOW TO DO THIS, that this could be a real problem. Am I misunderstanding this? Because the way I understand it is that you can cause a break during a reboot of the router, change the configuration register to bypass startup-config (NVRAM), and then reset the secret password. Again, change the configuration register and reload. Now if someone knew this that was malicious, I (or you for that matter) could be up the creek in poo poo. Anyone have any comments OR please do correct me if my thinking is off base. Thanks in advance."

awilliamson · ‎10-24-2001

That is correct...it is a pretty well known 'exploit' if you want to call it that, but the only thing you can do is be sure that only trusted individuals have physical access to the equipment. There are other things you can do to try to stay aware of your equipments status. If you have a network management system in place, and someone rebooted your router, you could be alerted via email or pager or whatever. This would at least give you some indication that something out of the ordinary is going on...