Cisco, haven't we learned anything? (technician reset)
Bill Nash
billn at bacchus.billn.net
Thu Jan 12 19:00:10 UTC 2006
Just as an offshoot discussion, what's the state-of-the-art for AAA
services? We use a modified tacacs server for multi-factor
authentication, and are moving towards a model that supports
single-use/rapid expiration passwords, with strict control over when and
how local/emergency authentication can be used.
I'd be interested in that discussion, on or offlist.
- billn
On Thu, 12 Jan 2006, Rob Thomas wrote:
>
> Hi, NANOGers.
>
> ] On the other hand, the most common practice to hack routers today, is
> ] still to try and access the devices with the notoriously famous default
> ] login/password for Cisco devices: cisco/cisco.
>
> This is NOT a default password in the IOS. The use of "cisco" as
> the access and enable passwords is a common practice by users, but
> it isn't bundled in the IOS. I've heard it began in training
> classes, where students were taught to use "cisco" as the
> passwords.
>
> Oh, and for those of you who think it mad leet to use "c1sc0" as
> your access and enable passwords, the miscreants are on to that as
> well. ;)
>
> We've seen large, massively peered and backbone routers owned
> through this same technique. We've even seen folks who have
> switched to Juniper, yet continue to use "cisco" as the login and
> password. :(
>
> The nice thing about cooking up blame is that there is always
> enough to serve everyone.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);
>