Vulnerability Development mailing list archives

Re: news story and router passwords


From: antirez <antirez () linuxcare com>
Date: Sat, 14 Oct 2000 12:12:42 +0200

You can avoid having this happen to you by administering your
routers prudently.  For a Cisco, you have many options: use AAA
and a 1-time password scheme (like SecurID and a RADIUS or TACACS+
server), put an access-list on the VTY port so the router can only
be administered from a trusted host (like a UNIX box to which you
can SSH) so even if I know the password I can't use it, or use SSH
on the router itself (not an option under older IOS images).  Also,

A good solution can be to close all the access on the router
except the serial access, build a secure box, link the secure
box and the router via serial port. Now you can use all the
authentication methods available for OSes like OpenBSD, Linux
and so on to access the secure box, and use minicom to talk
with the router.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
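
A small audit of the VTY controls listed in the message above, as an added example that is not part of the original post: it reads a Cisco IOS configuration and flags `line vty` blocks that have no inbound `access-class` or that accept anything other than SSH, and treats `transport input none` (network logins closed, serial console only) as closed. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
!
line con 0
 login
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
line vty 5 15
 password example
 login
"""

def parse_lines(config):
    """Return {header: [subcommands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit_vty(config):
    """List (line header, finding) pairs for weakly protected VTY lines."""
    findings = []
    for header, cmds in parse_lines(config).items():
        if not header.startswith("line vty"):
            continue
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), None)
        if transport == ["none"]:
            continue  # no network logins at all: serial/console access only
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append((header, "no inbound access-class"))
        if transport != ["ssh"]:
            findings.append((header, "transport input is not restricted to ssh"))
    return findings

if __name__ == "__main__":
    for header, problem in audit_vty(SAMPLE_CONFIG):
        print(f"{header}: {problem}")
```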

