From: batz (batsy@vapour.net)
Date: Fri Jun 14 2002 - 17:43:20 EDT
It's all right here:
Things to do in ciscoland when you are dead, by gaius.
http://www.phrack.com/phrack/56/p56-0x0a
On Wed, 12 Jun 2002, Krish Ahya wrote:
:Date: Wed, 12 Jun 2002 18:05:51 -0500
:From: Krish Ahya <Krish@houston.rr.com>
:To: pen-test@securityfocus.com
:Subject: Re: Sniff/Source Route Cisco Router Traffic?
:
:Yes, you can. Use Policy Based Routing using the route-map command. Using
:PBR, you can route based on just about anything (even ports) and set
:destinations.
:
:http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
:http://www.cisco.com/warp/public/105/top_issues/iprouting/policyrt.html
:http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c
:/qcpart1/qcpolicy.htm
:
:- Krish, CCNP
:~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
:I have not failed 10,000 times, I have sucessfully found 10,000 ways that
:won't work." -- Thomas A. Edison
:----- Original Message -----
:From: <omegatron@hushmail.com>
:To: <pen-test@securityfocus.com>
:Sent: Wednesday, June 12, 2002 12:25 AM
:Subject: Sniff/Source Route Cisco Router Traffic?
:
:
:>
:> -----BEGIN PGP SIGNED MESSAGE-----
:> Hash: SHA1
:>
:>
:> Hi,
:>
:> Performing a pen-test on a class C network, and I've gained privileged
:access to the main router on the client's network. It is a Cisco 2600, and
:appears to sit in front of a firewall (although the fw is transparent at
:this point). It is directly connected via a Ethernet interface to the entire
:network, and it doesn't appear to be doing any NAT/masquerading.
:>
:> The firewall(s) still filters traffic from the router (the router is does
:not appear "trusted"). I was wondering if there was a way to sniff or route
:(source route?) traffic that is destined to the client's network to my own
:machine on the Internet and capture that traffic while allowing it to pass
:thru to the client's network unmodified and with little packet loss.
:>
:> Are there any other tricks I can do with admin access (aside from obvious
:DoS attacks) to the external router? For clarification, I have the Cisco
:2600 privileged password and can telnet to the router remotely.
:>
:> I cannot identify the firewall via port scans or any manner of filter
:bypassing/firewalking, although I'd love to hear some suggestions.
:>
:> Thanks,
:>
:> o.
:>
:> -----BEGIN PGP SIGNATURE-----
:> Version: Hush 2.1
:> Note: This signature can be verified at https://www.hushtools.com
:>
:> wl4EARECAB4FAj0G2noXHG9tZWdhdHJvbkBodXNobWFpbC5jb20ACgkQYPShwwsH0MIo
:> jwCgv2vT99T2plG7TrvWCl4Pu8BFNyIAn1IjOeFx6ot0+512dOno3iMIrni4
:> =lGzb
:> -----END PGP SIGNATURE-----
:>
:>
:> Communicate in total privacy.
:> Get your free encrypted email at https://www.hushmail.com/?l=2
:>
:> Looking for a good deal on a domain name?
:http://www.hush.com/partners/offers.cgi?id=domainpeople
:>
:>
:> --------------------------------------------------------------------------
:--
:> This list is provided by the SecurityFocus Security Intelligence Alert
:(SIA)
:> Service. For more information on SecurityFocus' SIA service which
:> automatically alerts you to the latest security vulnerabilities please
:see:
:> https://alerts.securityfocus.com/
:>
:>
:
:
:
:----------------------------------------------------------------------------
:This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
:Service. For more information on SecurityFocus' SIA service which
:automatically alerts you to the latest security vulnerabilities please see:
:https://alerts.securityfocus.com/
:
-- -- batz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT