Re: Using a Compromised Router to Capture Network Traffic

From: Fabio Pietrosanti (naif) (naif@blackhats.it)
Date: Tue Jul 16 2002 - 11:43:51 EDT

• Next message: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Previous message: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
• In reply to: Penetration Testing: "Using a Compromised Router to Capture Network Traffic"
• Next in thread: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Reply: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, Jul 15, 2002 at 10:43:49AM -0800, Penetration Testing wrote:
> Hi all.
>
> I have recently completed some experimentation into using a captured
> router to sniff network traffic on a remote network. This is in the same
> vein as Gauis' article in Phrack 56 (Things to do in cisco land when you
> are dead).
>
> I have tried to build on Gauis' work in that I terminated the GRE tunnel
> on a Cisco router instead of a *nix machine. I explored a couple of
> possible scenarios for this, the net result being that it is possible to
> remotely capture (bi-directional) network traffic using NO customised
> tools; all that is required is one cisco router with vanilla IOS, and a
> machine that can run snoop or tcpdump.

Why having a "so complex" infrastructure ?

All you need is linux 2.4.X kernel with netfilter and GRE support and the following tools:

- iptables
- iproute2
- any sniffing/hijacking tools ( ettercap, dsniff, hunt, ethereal )

Using this configuration you can do whatever you want:

- create funny policy routing rules
- intercept traffic
- hijack traffic
- decrement TTL and manipulate traffic in many way
- insert NAT rules to eventually bypass firewall

and you don't need to have a cisco router neither to have to cope with GRE
encapsulation :)

Using a cisco router for hacking purpose is crazy, use linux! :)

Regards

--
Fabio Pietrosanti ( naif )
E-mail: naif@blackhats.it - naif@sikurezza.org
PGP Key (DSS) http://naif.itapac.net/naif.asc
--
 "Hacking is the future of security research" R.Power, CSI 
Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Previous message: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
• In reply to: Penetration Testing: "Using a Compromised Router to Capture Network Traffic"
• Next in thread: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Reply: batz: "Re: Using a Compromised Router to Capture Network Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT