Re: Remote Cisco Identification

[listuser () SEIFRIED ORG (Kurt Seifried)]

> Cisco Note:
> ---------
> It is documented that cisco uses port 1999.  However I have never seen
> the details of its use.  This may not be an immediate security bug, it
> may do exactly as it was intended.  However I did not feel that everyone
> would be aware of how easy it is to remotely identify Cisco products.
> With the IOSLOGON, and HISTORY bug out there, it may be advisable to
> prevent your router from telling everyone what brand it is.-----Thanks
> to Aleph One for info----------
> > tcp-id-port      1999/tcp      cisco identification port
> > tcp-id-port      1999/udp      cisco identification port

Probably the big brother to:

> From a CCNA study guide (slightly paraphrased):

Cisco Discover Protocol
layer 2 media and protocol independant protocol that runs on all cisco
manufactured hardware (yikes)... Each device configured for CDP sends
out periodic messages to a MAC layer multicast address. These
advertisements include information about the software and capabilities
of the platform (double yikes).

show cdp neighbour
shows a table with what is attached to interfaces (at the remote end).

show cdp neighbour detail
shows a whole lot more info, supposedly a great tool for trouble shooting,
since it is protocol/media independant you can see if the remote side
has a misconfigured address/whatnot. More detail on how to disable it/etc
on page 78-79 "Router Products  Commands Summary Rel 11.0" (just look
up cdp in the index).

You might want to see if there are commands to show info like the
interfaces,
networks, and whatnot, I suspect they might be in there (nice boner for
cisco
to pull). Then it would make for a truely great Cisco network discovery
util.

-seifried, MCSE, wanna be CCNA.