Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Cisco, haven't we learned anything? (technician reset)

  • From: Bill Nash
  • Date: Thu Jan 12 13:54:02 2006

Just as an offshoot discussion, what's the state-of-the-art for AAA services? We use a modified tacacs server for multi-factor authentication, and are moving towards a model that supports single-use/rapid expiration passwords, with strict control over when and how local/emergency authentication can be used.

I'd be interested in that discussion, on or offlist.

- billn

On Thu, 12 Jan 2006, Rob Thomas wrote:

Hi, NANOGers.

] On the other hand, the most common practice to hack routers today, is
] still to try and access the devices with the notoriously famous default
] login/password for Cisco devices: cisco/cisco.

This is NOT a default password in the IOS.  The use of "cisco" as
the access and enable passwords is a common practice by users, but
it isn't bundled in the IOS.  I've heard it began in training
classes, where students were taught to use "cisco" as the

Oh, and for those of you who think it mad leet to use "c1sc0" as
your access and enable passwords, the miscreants are on to that as
well.  ;)

We've seen large, massively peered and backbone routers owned
through this same technique.  We've even seen folks who have
switched to Juniper, yet continue to use "cisco" as the login and
password.  :(

The nice thing about cooking up blame is that there is always
enough to serve everyone.

Rob Thomas
Team Cymru
ASSERT(coffee != empty);
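
An added example, not part of the original messages: a small Python audit that flags the access and enable password choices described in the thread ("cisco", "c1sc0") in a Cisco IOS-style configuration. The sample configuration is constructed, and the function and variable names are assumptions made for illustration.

```python
import re

# Password named in the thread; leetspeak is folded so "c1sc0" also matches.
WEAK = {"cisco"}
LEET = str.maketrans("013457@$", "oieastas")

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge1
enable password c1sc0
enable secret 5 $1$constructed$hashplaceholder
username admin password 0 cisco
username ops secret 5 $1$constructed$hashplaceholder
line vty 0 4
 password Cisco
 login
line con 0
 password Xk4-constructed-9
"""

TAIL = r"(?: (\d+))? (\S+)$"  # optional encoding type, then the stored value
PATTERNS = [
    ("enable", re.compile(r"^enable (?:password|secret)" + TAIL)),
    ("username", re.compile(
        r"^username \S+(?: privilege \d+)? (?:password|secret)" + TAIL)),
    ("line", re.compile(r"^password" + TAIL)),
]

def normalize(password):
    """Lower-case and undo common digit/symbol substitutions."""
    return password.lower().translate(LEET)

def audit(config):
    """Return (line number, statement kind, reason) for each finding."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        for kind, rx in PATTERNS:
            m = rx.match(raw.strip())
            if not m:
                continue
            enc, value = m.groups()
            if enc in (None, "0"):  # no type or type 0: stored in cleartext
                weak = normalize(value) in WEAK
                findings.append((lineno, kind, "weak" if weak else "cleartext"))
            break  # hashed values cannot be compared against the list
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
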
