08-25-2014 10:32 AM - edited 03-04-2019 11:36 PM
So I just had a white hat security finding on my external router. It appeared to be low in the findings and I am unsure if this protocol is even used any more. My router is a Cisco 3825 running IOS 12.3(11r)T2. This is what they reported:
One or more Cisco routers have the MOP RC (Maintenance Operation Protocol - Remote Console) function enabled, which is a poor security practice. MOP enables personnel on the local network, or a remote network that is bridged to the local network, to obtain access to a remote console on the router if they possess credentials for the device. This is significant because access to router management is usually protected by IP-based ACLs. As a Layer 2 protocol, MOP allows for the circumvention of this type of ACL, making brute force login attempts possible if account lockout is not enabled. If account lockout is enabled, such attempts could result in a denial of service due to user accounts being locked out.
Is fixing this as easy as just running the no mop enabled command in the interface like this article suggests? http://blogs.cisco.com/security/router_spring_cleaning_-_no_mop_required/
08-25-2014 02:26 PM
Hello
Nice article
FYI - I do apply no mop enabled to all my L3 interfaces, learned from my CCIE studies, but I wasn't aware this is still an open protocol in the IOS 15 train though!
res
Paul
08-25-2014 03:44 PM
Ya, it was a great, easy-to-read article on a feature you should turn off. Still, I wonder how many master hackers try to hack that. DECnet, who knew, right?
Do you apply no mop enable to the interface or the subinterface? Also, I should only need to apply it to the interface facing the "internet", right?
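An added example, not part of the thread or of Cisco's documentation: a small Python audit that reads a saved running-config and lists the Ethernet-type interfaces whose stanza has no `no mop enabled` line. It assumes MOP is on by default on those interfaces and that the running-config shows `no mop enabled` only where it was turned off; the sample config, the prefix list and the choice to skip subinterfaces are assumptions of this example.

```python
import re

# Interface name prefixes treated as Ethernet-type (assumption of this example).
ETHERNET_PREFIXES = ("Ethernet", "FastEthernet", "GigabitEthernet", "TenGigabitEthernet")

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no mop enabled
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
!
interface FastEthernet0/0/0
 shutdown
!
interface Serial0/0/0
!
line vty 0 4
"""

def interfaces_with_mop(config_text):
    """Return (name, state) for main Ethernet-type interfaces lacking 'no mop enabled'."""
    findings = []
    name, mop_disabled, shutdown = None, False, False

    def close_stanza():
        # Subinterfaces (names containing ".") are skipped: assumption of this example.
        if name and name.startswith(ETHERNET_PREFIXES) and "." not in name and not mop_disabled:
            findings.append((name, "shutdown" if shutdown else "active"))

    for line in config_text.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            close_stanza()
            name, mop_disabled, shutdown = m.group(1), False, False
        elif name and line.startswith(" "):
            mop_disabled = mop_disabled or line.strip() == "no mop enabled"
            shutdown = shutdown or line.strip() == "shutdown"
        elif name:
            close_stanza()  # a non-indented line ("!" or a global command) ends the stanza
            name = None
    close_stanza()
    return findings

if __name__ == "__main__":
    for iface, state in interfaces_with_mop(SAMPLE_CONFIG):
        print(f"{iface}: no 'no mop enabled' line found ({state})")
```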