Re: Sniff/Source Route Cisco Router Traffic?

From: Krish Ahya (Krish@houston.rr.com)
Date: Wed Jun 12 2002 - 19:05:51 EDT

Yes, you can. Use Policy Based Routing using the route-map command. Using
PBR, you can route based on just about anything (even ports) and set
destinations.

http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
http://www.cisco.com/warp/public/105/top_issues/iprouting/policyrt.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c
/qcpart1/qcpolicy.htm

- Krish, CCNP
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I have not failed 10,000 times, I have sucessfully found 10,000 ways that
won't work." -- Thomas A. Edison
----- Original Message -----
From: <omegatron@hushmail.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, June 12, 2002 12:25 AM
Subject: Sniff/Source Route Cisco Router Traffic?

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi,
>
> Performing a pen-test on a class C network, and I've gained privileged
access to the main router on the client's network. It is a Cisco 2600, and
appears to sit in front of a firewall (although the fw is transparent at
this point). It is directly connected via a Ethernet interface to the entire
network, and it doesn't appear to be doing any NAT/masquerading.
>
> The firewall(s) still filters traffic from the router (the router is does
not appear "trusted"). I was wondering if there was a way to sniff or route
(source route?) traffic that is destined to the client's network to my own
machine on the Internet and capture that traffic while allowing it to pass
thru to the client's network unmodified and with little packet loss.
>
> Are there any other tricks I can do with admin access (aside from obvious
DoS attacks) to the external router? For clarification, I have the Cisco
2600 privileged password and can telnet to the router remotely.
>
> I cannot identify the firewall via port scans or any manner of filter
bypassing/firewalking, although I'd love to hear some suggestions.
>
> Thanks,
>
> o.
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wl4EARECAB4FAj0G2noXHG9tZWdhdHJvbkBodXNobWFpbC5jb20ACgkQYPShwwsH0MIo
> jwCgv2vT99T2plG7TrvWCl4Pu8BFNyIAn1IjOeFx6ot0+512dOno3iMIrni4
> =lGzb
> -----END PGP SIGNATURE-----
>
>
> Communicate in total privacy.
> Get your free encrypted email at https://www.hushmail.com/?l=2
>
> Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
>
>
> -------------------------------------------------------------------------- 

--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT