Penetration Testing mailing list archives
Re: Sniff/Source Route Cisco Router Traffic?
From: batz <batsy () vapour net>
Date: Fri, 14 Jun 2002 17:43:20 -0400 (EDT)
It's all right here: Things to do in ciscoland when you are dead, by gaius. http://www.phrack.com/phrack/56/p56-0x0a On Wed, 12 Jun 2002, Krish Ahya wrote: :Date: Wed, 12 Jun 2002 18:05:51 -0500 :From: Krish Ahya <Krish () houston rr com> :To: pen-test () securityfocus com :Subject: Re: Sniff/Source Route Cisco Router Traffic? : :Yes, you can. Use Policy Based Routing using the route-map command. Using :PBR, you can route based on just about anything (even ports) and set :destinations. : :http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm :http://www.cisco.com/warp/public/105/top_issues/iprouting/policyrt.html :http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c :/qcpart1/qcpolicy.htm : :- Krish, CCNP :~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~ :I have not failed 10,000 times, I have sucessfully found 10,000 ways that :won't work." -- Thomas A. Edison :----- Original Message ----- :From: <omegatron () hushmail com> :To: <pen-test () securityfocus com> :Sent: Wednesday, June 12, 2002 12:25 AM :Subject: Sniff/Source Route Cisco Router Traffic? : : :> :> -----BEGIN PGP SIGNED MESSAGE----- :> Hash: SHA1 :> :> :> Hi, :> :> Performing a pen-test on a class C network, and I've gained privileged :access to the main router on the client's network. It is a Cisco 2600, and :appears to sit in front of a firewall (although the fw is transparent at :this point). It is directly connected via a Ethernet interface to the entire :network, and it doesn't appear to be doing any NAT/masquerading. :> :> The firewall(s) still filters traffic from the router (the router is does :not appear "trusted"). I was wondering if there was a way to sniff or route :(source route?) traffic that is destined to the client's network to my own :machine on the Internet and capture that traffic while allowing it to pass :thru to the client's network unmodified and with little packet loss. :> :> Are there any other tricks I can do with admin access (aside from obvious :DoS attacks) to the external router? For clarification, I have the Cisco :2600 privileged password and can telnet to the router remotely. :> :> I cannot identify the firewall via port scans or any manner of filter :bypassing/firewalking, although I'd love to hear some suggestions. :> :> Thanks, :> :> o. :> :> -----BEGIN PGP SIGNATURE----- :> Version: Hush 2.1 :> Note: This signature can be verified at https://www.hushtools.com :> :> wl4EARECAB4FAj0G2noXHG9tZWdhdHJvbkBodXNobWFpbC5jb20ACgkQYPShwwsH0MIo :> jwCgv2vT99T2plG7TrvWCl4Pu8BFNyIAn1IjOeFx6ot0+512dOno3iMIrni4 :> =lGzb :> -----END PGP SIGNATURE----- :> :> :> Communicate in total privacy. :> Get your free encrypted email at https://www.hushmail.com/?l=2 :> :> Looking for a good deal on a domain name? :http://www.hush.com/partners/offers.cgi?id=domainpeople :> :> :> -------------------------------------------------------------------------- :-- :> This list is provided by the SecurityFocus Security Intelligence Alert :(SIA) :> Service. For more information on SecurityFocus' SIA service which :> automatically alerts you to the latest security vulnerabilities please :see: :> https://alerts.securityfocus.com/ :> :> : : : :---------------------------------------------------------------------------- :This list is provided by the SecurityFocus Security Intelligence Alert (SIA) :Service. For more information on SecurityFocus' SIA service which :automatically alerts you to the latest security vulnerabilities please see: :https://alerts.securityfocus.com/ : -- -- batz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Sniff/Source Route Cisco Router Traffic? omegatron (Jun 12)
- RE: Sniff/Source Route Cisco Router Traffic? Maximiliano PĂ©rez (Jun 12)
- Re: Sniff/Source Route Cisco Router Traffic? Krish Ahya (Jun 13)
- Re: Sniff/Source Route Cisco Router Traffic? batz (Jun 14)
- <Possible follow-ups>
- RE: Sniff/Source Route Cisco Router Traffic? Joshua Wright (Jun 12)