Default Passwords for World Wide Packets/Lightning Edge Equipment

Steven Bellovin smb at
Wed Jan 6 22:13:58 UTC 2010

On Jan 6, 2010, at 4:43 AM, George Bonser wrote:

>>> having physical access pretty much trumps any other security
>> The fact that there's a factory default means that lots of folks won't
>> change it when they configure the unit with an IP address; they follow
>> this with failing to implement iACLs, and it's pw3nt1me!
> I suppose it is a philosophical thing with me.  I don't believe in
> protecting people from their own stupidity. If you try to enforce that,
> you end up with organizations making up their own "default" passwords
> which can be little better than manufacturer defaults. 
They're much better, since one guess doesn't suffice for all devices; see for some indication of just how bad the problem can be.  And we all suffer from p0wned devices, because they get turned into bots.  Roland is 100% right.

