nanog mailing list archives
Re: Nipper and Cisco configuration results
From: Subba Rao <castellan2004-nsm () yahoo com>
Date: Fri, 3 Apr 2009 19:42:38 -0700 (PDT)
I did see a few false positives too with Nipper. What do you think about Router Audit Tool (RAT) instead?

I downloaded ncat (aka RAT), but it does not have a global configuration file which I can use for all the routers and switches I have. Any tips on ncat/RAT configuration? I could not find any examples on using ncat.

Subba Rao

--- On Fri, 4/3/09, Christopher <chrismcc () pricegrabber com> wrote:

From: Christopher <chrismcc () pricegrabber com>
Subject: Re: Nipper and Cisco configuration results
To: "nanog" <nanog () nanog org>
Date: Friday, April 3, 2009, 12:36 PM

On Thu, 2009-04-02 at 15:33 -0700, Subba Rao wrote:
I am using Nipper for verifying my Cisco configuration. Nipper is finding the "rlogin" service that is not in the configuration. I have searched the access lists and do not see it anywhere. The explanation by Nipper about this finding, "....Telnet protocol implemented by this service...." is confusing.
The problem, IMHO, is nipper. You might or might not have the rlogin service enabled, but nipper has so many false positives I find it almost useless. In my case, it caught some obvious things I had forgotten to do, but everything else was useless. For instance from the nipper source code:

    struct vulnerability report_vuln_ios11 = {9, 0, 0, 12, 4, 0,
        "CVE-2007-0479", "22208", "IPv4 TCP listener denial of service",
        true, false, vuln_req_none, false, &report_vuln_ios12};

What the above means to nipper is any IOS version 12.0.x, 12.1.x, 12.2.x, 12.3.x is vulnerable, while every 12.4.x version is OK. This is obviously false on *both* counts.

http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml

I spent a lot of time trying to explain this to $corporate audit guy that had never even logged into a router, let alone had to choose a stable IOS version for 6500/7600 class hardware.
Here is the Nipper's output:
<snip>
Thank you in advance for any help. Subba Rao
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc () pricegrabber com
http://www.pricegrabber.com

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
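
The version-matching problem described in the message above, as an added example that is not part of the original post and is not nipper's code: a coarse major.minor range check set beside a per-train check against the first fixed release. The type and function names are hypothetical, and the fixed-release table holds constructed placeholder values, not data from the Cisco advisory.

```c
#include <stdio.h>
#include <string.h>

/* Parsed "major.minor(maint)TRAIN", e.g. 12.2(18)SXF; rebuild digits are ignored. */
struct ios_ver { int major, minor, maint; char train[8]; };

/* Constructed table: first fixed maintenance release per train.
   Placeholder values for illustration, NOT taken from the Cisco advisory. */
struct fixed_in { int major, minor; const char *train; int maint; };
static const struct fixed_in fixed_tbl[] = {
    {12, 2, "SXF", 18},
    {12, 4, "",    12},
    {12, 4, "T",   11},
};

enum verdict { NOT_VULNERABLE, VULNERABLE, UNKNOWN_TRAIN };

/* Train letters are optional: sscanf returns 3 for "12.4(7)", 4 for "12.4(7)T". */
int parse_ios(const char *s, struct ios_ver *v)
{
    memset(v, 0, sizeof *v);
    return sscanf(s, "%d.%d(%d)%7[A-Z]", &v->major, &v->minor, &v->maint, v->train) >= 3;
}

/* Coarse rule as the post reads the struct: 12.0 to 12.3 flagged, all 12.4 passed. */
enum verdict coarse_check(const struct ios_ver *v)
{
    return (v->major == 12 && v->minor < 4) ? VULNERABLE : NOT_VULNERABLE;
}

/* Per-train rule: compare with the first fixed release of the same train. */
enum verdict train_check(const struct ios_ver *v)
{
    for (size_t i = 0; i < sizeof fixed_tbl / sizeof fixed_tbl[0]; i++) {
        const struct fixed_in *f = &fixed_tbl[i];
        if (f->major == v->major && f->minor == v->minor && !strcmp(f->train, v->train))
            return v->maint < f->maint ? VULNERABLE : NOT_VULNERABLE;
    }
    return UNKNOWN_TRAIN; /* no data for this train: report for manual review */
}

int main(void)
{
    const char *samples[] = { "12.2(18)SXF7", "12.4(7)", "12.3(14)T" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        struct ios_ver v;
        if (parse_ios(samples[i], &v))
            printf("%-13s coarse=%d train=%d\n", samples[i], coarse_check(&v), train_check(&v));
    }
    return 0;
}
```

With the constructed table, the first sample is a false positive of the coarse rule and the second a false negative; the third falls outside the table and is reported as unknown rather than guessed.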