Cisco 3640 router password gone

[rwhall51]

I have a Cisco 3640 that for some reason the password is changing. There are only two of us in the company that know how to get into the router. This last time I went into the router end the password was not being accepted, I did a reboot so that I could reset the password and the router died. It loops with a exception error. I called TAC and now they are sending a new unit. This was the second time that the password was changed. I was able to reset it the first time.

I did do a show run command before the reboot and the password in the beginning of the out put was "coolboot", which I have never seen before, and the password at the end of the out put was "chcrack". Of course either one worked.

Has anyone seen this before?

 

[tschouten]

Can't say that I have seen anything like it before.

 

[lvennard]

We play small jokes on each other when the admin will leave the snmp read/write strings as the default. It is VERY easy to do.... you can change ANYTHING using snmp.

Hint: dont use public/private as snmp strings and put an access list on there for snmp.

Maybe they were using brute force to attack the router, use access lists here too.

Make all five passwords (con0 vty enable snmpread snmpwrite) using ascii characters.
examples
eye_8@_m1kes (I ate at mikes)
wh0$-th3-b0$$ (whos the boss)
they can still brute force it to get to it, but it will take them a long time.

use access lists for snmp and telnet.

 

[tschouten]

No wonder, when I use snmp I have access lists only allowing certain machines to work on it. I never ever use public/private. That's like using cisco as a password. But what you posted there is some good advice. Not to mention a good explenation as to what is happening.

 

[rwhall51]

I was able to bring the router back after removing the memory. Once I did that the router booted fine. My snmp is not using the default strings, and I will look at changing the router passwords again. Even after the router came back up it had trouble with seeing one of the WAN cards. Once I moved it around a few times, it finally saw it. I still think I have some hardware trouble.

 

[rwhall51]

I was able to bring the router back after removing the memory. Once I did that the router booted fine. My snmp is not using the default strings, and I will look at changing the router passwords again. Even after the router came back up it had trouble with seeing one of the WAN cards. Once I moved it around a few times, it finally saw it. I still think I have some hardware trouble.

 

[lvennard]

Thats good that you found the prob, but how can hardware change the password? Ask TAC, see what they say..

 

[tschouten]

True, not seeing a card until you shuffle it arouond a while sounds like a bus problem. Which is actually common in that model. Which can account for part of your problem with passwords as well.

 

[rwhall51]

The bus is what TAC seemed to think that it was. I have ordered a referb unit to replace the old one. Sine the old one works some what I figured I would keep it on the shelf as a back up. This might be stupid to ask, but I want to be sure. Can I change the bus in this router?

 

[tschouten]

You know, I have never tried doing something like that at all. I'm sure you could replace them if you could get the part. I've always had a contract to cover the equipment and simply said 'Ship me a knew one this be broke-ed!"

You could try though, this company refurbishes equipment to use for training and what not (they sell old equipment for CCNP/CCIE labs). Try contacting them and seeing if you can get any information out of them, they may be able to point you in the right direction or even want to buy it off of you.

http://www.knowledgecomputers.net