nanog mailing list archives
Re: Cisco, haven't we learned anything? (technician reset)
From: John Kinsella <jlk () thrashyour com>
Date: Thu, 12 Jan 2006 06:35:42 -0800
I've been pretty happy with Cisco ACS - fairly solid, good reporting, once set up it seems to Just Work. John On Thu, Jan 12, 2006 at 11:00:10AM -0800, Bill Nash wrote:
Just as an offshoot discussion, what's the state-of-the-art for AAA services? We use an modified tacacs server for multi-factor authentication, and are moving towards a model that supports single-use/rapid expiration passwords, with strict control over when and how local/emergency authentication can be used. I'd be interested in that discussion, on or offlist. - billn On Thu, 12 Jan 2006, Rob Thomas wrote:Hi, NANOGers. ] On the other hand, the most common practice to hack routers today, is ] still to try and access the devices with the notoriously famous default ] login/password for Cisco devices: cisco/cisco. This is NOT a default password in the IOS. The use of "cisco" as the access and enable passwords is a common practice by users, but it isn't bundled in the IOS. I've heard it began in training classes, where students were taught to use "cisco" as the passwords. Oh, and for those of you who think it mad leet to use "c1sc0" as your access and enable passwords, the miscreants are on to that as well. ;) We've seen large, massively peered and backbone routers owned through this same technique. We've even seen folks who have switched to Juniper, yet continue to use "cisco" as the login and password. :( The nice thing about cooking up blame is that there is always enough to serve everyone. Thanks, Rob. -- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);
Current thread:
- Re: Is my router owned? How would I know?, (continued)
- Re: Is my router owned? How would I know? Florian Weimer (Jan 12)
- Re: Is my router owned? How would I know? Martin Hannigan (Jan 12)
- Re: Is my router owned? How would I know? Christopher L. Morrow (Jan 12)
- Re: Is my router owned? How would I know? Joseph S D Yao (Jan 13)
- Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 12)
- Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
- Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 14)
- Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
- Re: Cisco, haven't we learned anything? (technician reset) Brett Frankenberger (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) John Kinsella (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)