<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:georss="http://www.georss.org/georss" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:media="http://search.yahoo.com/mrss/"
		>
<channel>
	<title>Comments on: Configuration Lock</title>
	<atom:link href="http://blog.ru.co.za/2010/02/05/configuration-lock/feed/" rel="self" type="application/rss+xml" />
	<link>http://blog.ru.co.za/2010/02/05/configuration-lock/</link>
	<description>Filling the Gaps</description>
	<lastBuildDate>Mon, 26 Jul 2010 18:45:12 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.com/</generator>
	<item>
		<title>By: Ruhann</title>
		<link>http://blog.ru.co.za/2010/02/05/configuration-lock/#comment-72</link>
		<dc:creator>Ruhann</dc:creator>
		<pubDate>Wed, 10 Feb 2010 20:56:05 +0000</pubDate>
		<guid isPermaLink="false">http://blog.ru.co.za/?p=1612#comment-72</guid>
<description>Hey j3RzY

Thanks. LOL. I love reading your ranting. Such wisdom and knowledge. Thanks for sharing. It&#039;s hot and humid here. I wish I was on the snow skiing :( I&#039;ll read through DoTU tomorrow and see how much still applies :) should be interesting. Keep in touch.

Grenpa Sliwinski you are such a legend :D</description>
<content:encoded><![CDATA[<p>Hey j3RzY</p>
<p>Thanks. LOL. I love reading your ranting. Such wisdom and knowledge. Thanks for sharing. It&#8217;s hot and humid here. I wish I was on the snow skiing :( I&#8217;ll read through DoTU tomorrow and see how much still applies :) should be interesting. Keep in touch.</p>
<p>Grenpa Sliwinski you are such a legend :D</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: jsliwinski</title>
		<link>http://blog.ru.co.za/2010/02/05/configuration-lock/#comment-71</link>
		<dc:creator>jsliwinski</dc:creator>
		<pubDate>Wed, 10 Feb 2010 20:29:49 +0000</pubDate>
		<guid isPermaLink="false">http://blog.ru.co.za/?p=1612#comment-71</guid>
<description>Wow, I just googled DoTu; it is still there, last updated: 2001.08.26

http://www.madness.at/~mad/cisco_ios_udc.html

-- j3RzY</description>
<content:encoded><![CDATA[<p>Wow, I just googled DoTu; it is still there, last updated: 2001.08.26</p>
<p><a href="http://www.madness.at/~mad/cisco_ios_udc.html" rel="nofollow">http://www.madness.at/~mad/cisco_ios_udc.html</a></p>
<p>&#8211; j3RzY</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: jsliwinski</title>
		<link>http://blog.ru.co.za/2010/02/05/configuration-lock/#comment-70</link>
		<dc:creator>jsliwinski</dc:creator>
		<pubDate>Wed, 10 Feb 2010 20:14:53 +0000</pubDate>
		<guid isPermaLink="false">http://blog.ru.co.za/?p=1612#comment-70</guid>
<description>Ruhann,

Great tip and a good blog. This should also lock out config via SNMP.

We used to call these pearls, like in &quot;programming pearls&quot;. Keep it up.

I did some support over the years.

Anytime you do this it is good to have a back door so you do not get yourself locked out, e.g. a change of ACLs, routing etc. can do it.

Some of these comments have only historical value.

I would always do &quot;who&quot; before I start to do anything, and once in a while just to check who else is on the router; and sometimes clear a line when it is idle for a while. Old hacking habit (white hat only).

I have also found a good use for &quot;reload in XXX&quot; when you make gutsy configuration changes at remote uninhabited sites. When the configs worked: &quot;reload cancel; wr&quot;. Saved a truck roll many times.

Some other brute force methods for locking people out on the CLI.

Clear other lines. Configure no login or an ACL on these and keep only lines for yourself. I would usually keep more than one open for myself so as not to get locked out (back door).

Another one is to set some high # vty lines with different passwords. Busy out the first few vty lines and change the idle time to high; keep connecting and at some point you get the high # vty that has the restricted passwords.

Here is another access tip. In the days when there was an AUX (second asynch) port on Cisco devices we would put a modem on this port (does anybody still use modems? There is one in my laptop but I do not remember using it). We would test the modem periodically using Expect scripts; a great tool for remote en masse configs via CLI. From PSTN dial-in and from the inside with AT commands: AT (expect OK), AT (set the string for the modem), AT DT # (call out; expect a string). Escape back to the CLI and clear the AUX line.

A modem does not work well on the console since the console does not support all the RS232 signals, e.g. for hangup.

Another tip.

Do hop-by-hop telnet to routers and change the terminal escape character (e.g. &quot;term esc $&quot;) on the way, so that you can escape to the CLI on the different hops.

We are snowed in here (literally), about 2 feet so far since last night.

I am catching up on leet.

-- j3RzY 1337

PS.

More down the history line.

The &quot;-- name&quot; goes way back; e-mail in pre-WEB days (late 80s) when we used to read RFCs to get educated. I sometimes feel I should write some Internet history; there are some cool links I dug out, e.g. the first public mention of the Cisco router on the mailing list.

Does anybody know what project DoTu was? Document the Undocumented; documentation of hidden IOS commands.</description>
<content:encoded><![CDATA[<p>Ruhann,</p>
<p>Great tip and a good blog. This should also lock out config via SNMP.</p>
<p>We used to call these pearls, like in &#8220;programming pearls&#8221;. Keep it up.</p>
<p>I did some support over the years.</p>
<p>Anytime you do this it is good to have a back door so you do not get yourself locked out, e.g. a change of ACLs, routing etc. can do it.</p>
<p>Some of these comments have only historical value.</p>
<p>I would always do &#8220;who&#8221; before I start to do anything, and once in a while just to check who else is on the router; and sometimes clear a line when it is idle for a while. Old hacking habit (white hat only).</p>
<p>I have also found a good use for &#8220;reload in XXX&#8221; when you make gutsy configuration changes at remote uninhabited sites. When the configs worked: &#8220;reload cancel; wr&#8221;. Saved a truck roll many times.</p>
<p>Some other brute force methods for locking people out on the CLI.</p>
<p>Clear other lines. Configure no login or an ACL on these and keep only lines for yourself. I would usually keep more than one open for myself so as not to get locked out (back door).</p>
<p>Another one is to set some high # vty lines with different passwords. Busy out the first few vty lines and change the idle time to high; keep connecting and at some point you get the high # vty that has the restricted passwords.</p>
<p>Here is another access tip. In the days when there was an AUX (second asynch) port on Cisco devices we would put a modem on this port (does anybody still use modems? There is one in my laptop but I do not remember using it). We would test the modem periodically using Expect scripts; a great tool for remote en masse configs via CLI. From PSTN dial-in and from the inside with AT commands: AT (expect OK), AT (set the string for the modem), AT DT # (call out; expect a string). Escape back to the CLI and clear the AUX line.</p>
<p>A modem does not work well on the console since the console does not support all the RS232 signals, e.g. for hangup.</p>
<p>Another tip.</p>
<p>Do hop-by-hop telnet to routers and change the terminal escape character (e.g. &#8220;term esc $&#8221;) on the way, so that you can escape to the CLI on the different hops.</p>
<p>We are snowed in here (literally), about 2 feet so far since last night.</p>
<p>I am catching up on leet.</p>
<p>&#8211; j3RzY 1337</p>
<p>PS.</p>
<p>More down the history line.</p>
<p>The &#8220;&#8211; name&#8221; goes way back; e-mail in pre-WEB days (late 80s) when we used to read RFCs to get educated. I sometimes feel I should write some Internet history; there are some cool links I dug out, e.g. the first public mention of the Cisco router on the mailing list.</p>
<p>Does anybody know what project DoTu was? Document the Undocumented; documentation of hidden IOS commands.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
