RE: Sniff/Source Route Cisco Router Traffic?

From: Maximiliano Pérez (mp@overflow.com.ar)
Date: Wed Jun 12 2002 - 16:41:10 EDT

• Next message: Dan Cuthbert: "Enumerating Netscape Enterprise\Application server"
• Previous message: Breidenbach, Beth: "RE: SQL Injection"
• In reply to: omegatron@hushmail.com: "Sniff/Source Route Cisco Router Traffic?"
• Next in thread: Krish Ahya: "Re: Sniff/Source Route Cisco Router Traffic?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

How about making a tunnel and proxy arping?

cheers.

-----Mensaje original-----
De: omegatron@hushmail.com [mailto:omegatron@hushmail.com]
Enviado el: Wednesday, June 12, 2002 2:26 AM
Para: pen-test@securityfocus.com
Asunto: Sniff/Source Route Cisco Router Traffic?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Performing a pen-test on a class C network, and I've gained privileged
access to the main router on the client's network. It is a Cisco 2600, and
appears to sit in front of a firewall (although the fw is transparent at
this point). It is directly connected via a Ethernet interface to the entire
network, and it doesn't appear to be doing any NAT/masquerading.

The firewall(s) still filters traffic from the router (the router is does
not appear "trusted"). I was wondering if there was a way to sniff or route
(source route?) traffic that is destined to the client's network to my own
machine on the Internet and capture that traffic while allowing it to pass
thru to the client's network unmodified and with little packet loss.

Are there any other tricks I can do with admin access (aside from obvious
DoS attacks) to the external router? For clarification, I have the Cisco
2600 privileged password and can telnet to the router remotely.

I cannot identify the firewall via port scans or any manner of filter
bypassing/firewalking, although I'd love to hear some suggestions.

Thanks,

o.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl4EARECAB4FAj0G2noXHG9tZWdhdHJvbkBodXNobWFpbC5jb20ACgkQYPShwwsH0MIo
jwCgv2vT99T2plG7TrvWCl4Pu8BFNyIAn1IjOeFx6ot0+512dOno3iMIrni4
=lGzb
-----END PGP SIGNATURE-----

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Dan Cuthbert: "Enumerating Netscape Enterprise\Application server"
• Previous message: Breidenbach, Beth: "RE: SQL Injection"
• In reply to: omegatron@hushmail.com: "Sniff/Source Route Cisco Router Traffic?"
• Next in thread: Krish Ahya: "Re: Sniff/Source Route Cisco Router Traffic?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT