So I just had a white hat security finding on my external router. I appeared to be low in the findings and I am unsure if this protocol is even used any more. My router is a Cisco 3825 running IOS 12.3(11r)T2. This is what they reported:
One or more Cisco routers have the MOP RC (Maintenance Operation Protocol -Remote Console) function enabled, which is a poor security practice. MOP enables personnel on the local network, or a remote network that is bridged to the local network, to obtain access to a remote console on the router if they possess credentials for the device. This is significant because access to router management is usually protected by IP-based ACLs. As a Layer 2 protocol, MOP allows for the circumvention of this type of ACL, making brute force login attempts possible if account lockout is not enabled. If account lockout is enabled, such attempts could result in a denial of service due to user accounts being locked out.
FYI - I do apply no mop enabled to all my L3 interfaces learned from my CCIE studies, but I wasnt aware this is still an open protocol in ios 15 train though!
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.