Router reset to Factory settings - who did it?


  • Router reset to Factory settings - who did it?

    Hi,
    Someone has stolen the password for our router and reset it to factory settings, I think by using:
    router# configure terminal
    router(config)# config-register 0x2102
    router(config)# end
    router#

    Is there any way I can trace where the router was accessed from? Which IP was used, to trace the suspect?
    Thanks

  • #2
    Re: Router reset to Factory settings - who did it?

    Hi,

    If you have a syslog server configured, there is a possibility to find it.

    regards

    prabu


    • #3
      Re: Router reset to Factory settings - who did it?

      We don't have syslog. Is there anything on the router itself?



      • #4
        Re: Router reset to Factory settings - who did it?

        I don't think it's possible.
        prabu



        • #5
          Re: Router reset to Factory settings - who did it?

          I also don't think you could find it back.
          The logging on a router is quite minimal; that's why you should implement a syslog server.

          However, a password reset is only possible if you have physical access. You need to give the router a break during the boot sequence to access ROMMON to change the config register.

          Maybe that can help you to find out who accessed the router physically.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl



          • #6
            Re: Router reset to Factory settings - who did it?

            Originally posted by Dumber
            I also don't think you could find it back.
            The logging on a router is quite minimal; that's why you should implement a syslog server.

            However, a password reset is only possible if you have physical access. You need to give the router a break during the boot sequence to access ROMMON to change the config register.

            Maybe that can help you to find out who accessed the router physically.

            Syslog isn't going to give you much here. To do this, all the intruder has to do is pull the power feed and unplug the device from the LAN, boot it back up with the console cable in, erase the config, and then put it back on the LAN. Syslog will never hear a word about it.
            Thanks,
            Brian Desmond
            Microsoft MVP - Directory Services
            www.briandesmond.com
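
Posts #2 and #5 point to a syslog server as the place to look for the source IP. As an added example (not code from any poster), this Python sketch pulls user, line and source address out of IOS `%SYS-5-CONFIG_I` and `%SYS-5-RELOAD` messages and records when each router was last heard from. The collector line layout (ISO timestamp, router IP, message) and all sample lines are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample collector lines (assumed layout: timestamp, router IP, IOS message).
SAMPLE_LOG = """\
2024-03-03T09:12:44 10.0.0.1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.45)
2024-03-03T09:40:02 10.0.0.1 %SYS-5-CONFIG_I: Configured from console by console
2024-03-03T10:05:17 10.0.0.1 %SYS-5-RELOAD: Reload requested by admin on vty1 (198.51.100.7). Reload Reason: Reload Command.
2024-03-03T10:07:30 10.0.0.2 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<router>\S+) %(?P<mnemonic>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$")
# "by <user> [on <line>] [(<source IP>)]"; console sessions carry no source address.
ACTOR = re.compile(r"by (?P<user>\S+)(?: on (?P<line>\w+))?(?: \((?P<src>[^)]+)\))?")
WATCHED = ("SYS-5-CONFIG_I", "SYS-5-RELOAD")


def parse(log):
    """Turn collector lines into event dicts; unparseable lines are skipped."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ev = {"ts": datetime.fromisoformat(m["ts"]), "router": m["router"],
              "mnemonic": m["mnemonic"], "user": None, "line": None, "src": None}
        if ev["mnemonic"] in WATCHED:
            actor = ACTOR.search(m["text"])
            if actor:
                ev.update(actor.groupdict())
        events.append(ev)
    return events


def admin_actions(events):
    """Config changes and reload requests with who, which line and source IP."""
    return [(e["ts"].isoformat(), e["router"], e["mnemonic"], e["user"], e["line"], e["src"])
            for e in events if e["mnemonic"] in WATCHED]


def last_heard(events):
    """Latest message per router; a device that goes silent is the lead when
    its configuration (and with it the logging host) was erased offline."""
    seen = {}
    for e in events:
        seen[e["router"]] = max(seen.get(e["router"], e["ts"]), e["ts"])
    return seen


if __name__ == "__main__":
    for action in admin_actions(parse(SAMPLE_LOG)):
        print(action)
    print(last_heard(parse(SAMPLE_LOG)))
```

An entry with no source address came from the console port, which is the case to correlate with physical access records rather than network logs.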
