Cisco Router Hacking (Power Point)

2,545 views
2,488 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,545
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cisco Router Hacking (Power Point)

  1. 1. Cisco Router Hacking Group 8 Vernon Guishard Kelvin Aguebor ECE 4112
  2. 2. Introduction <ul><li>Cisco Systems, Inc. sells networking and communications technology and services. </li></ul><ul><li>Cisco is known for creating the first commercially successful multi-protocol router. </li></ul><ul><li>March 2000, Cisco had the market capitalization of $500 billion. </li></ul><ul><li>Currently, it has a market cap of $175 billion, controls 58% of the market sale of routers. </li></ul><ul><li>The Cisco routers have been more likely to have attacks. </li></ul><ul><li>Large market share can lead to attacks being devastating for the internet. </li></ul>
  3. 3. Identifying Routers and Vulnerabilities <ul><li>Nmap is used to identify the router. </li></ul><ul><ul><li>OS fingerprinting </li></ul></ul><ul><li>Telnet is another solution to track down routers. </li></ul><ul><ul><li>Trademark Cisco Banner “User Access Verification” </li></ul></ul><ul><li>SING is used to identify the router. </li></ul><ul><ul><li>It uses ICMP packets to find the router </li></ul></ul><ul><li>Nessus can be used to find vulnerabilities. </li></ul>
  4. 4. Cisco Vulnerabilities <ul><li>Console Password Recovery </li></ul><ul><ul><li>All Cisco routers and switches affected </li></ul></ul><ul><ul><li>Not regarded as a vulnerability </li></ul></ul><ul><ul><li>A way for System Admin to recover lost passwords </li></ul></ul><ul><ul><li>May be used by hackers who have physical access to machines </li></ul></ul><ul><li>HTTP Configuration Arbitrary Administrative Access Vulnerability </li></ul><ul><ul><li>Cisco IOS release 11.3 or higher, are vulnerable. </li></ul></ul><ul><ul><li>Attacker can gain access to a router without authentication </li></ul></ul><ul><ul><li>Attacker can completely control, change, and configure the device </li></ul></ul><ul><ul><li>http://10.0.1.252/level/99/exec/show/config </li></ul></ul>
  5. 5. Cisco Vulnerabilities <ul><li>Router Denial of Service (DOS) Vulnerability </li></ul><ul><ul><li>It affects all Cisco routers and switches from releases 11.1 through 12.1 </li></ul></ul><ul><ul><li>Causes the routers and switches to stop forwarding packets on specific interface </li></ul></ul><ul><ul><li>IPv4 packets with protocol type of 53, 55, 77 or 103 causes input queue to be flagged as full </li></ul></ul><ul><li>Telnet Buffer Overflow Vulnerability </li></ul><ul><ul><li>Cisco Broadband Operating System (CBOS), an operating system for the Cisco 600 family of routers are vulnerable </li></ul></ul><ul><ul><li>Extremely long telnet passwords cause the router to crash then reboot </li></ul></ul><ul><ul><li>Attacker can repeat until fixed, causing a DOS </li></ul></ul>
  6. 6. Solutions to Vulnerabilities <ul><li>Vulnerabilities know by Cisco and Patches Released </li></ul><ul><ul><li>Most lingering vulnerabilities due to poor network administration </li></ul></ul><ul><ul><li>Upgrade Cisco IOS </li></ul></ul><ul><ul><li>Use access-list if not able to upgrade </li></ul></ul><ul><ul><li>TACAS or Radius effective in preventing HTTP vulnerability </li></ul></ul>
  7. 7. Lab Procedures <ul><li>Section 1: Console Password Exploit </li></ul><ul><ul><li>Using hyper terminal to access routers </li></ul></ul><ul><ul><li>Obtaining enable password and enable secret of the router </li></ul></ul><ul><li>Section 2: Identifying Cisco Routers </li></ul><ul><ul><li>Using NMAP and telnet to identify routers </li></ul></ul><ul><li>Section 3: Network Exploits </li></ul><ul><ul><li>Using the Cisco Global Exploit tool </li></ul></ul><ul><ul><li>Protecting against the Cisco Global Exploit tool </li></ul></ul>
  8. 8. References <ul><li>http:// en.wikipedia.org/wiki/Terminal_emulator </li></ul><ul><li>http://www.securityfocus.com/infocus/1734 </li></ul><ul><li>http://www.securityfocus.com/infocus/1749 </li></ul><ul><li>http://secure-o-gram.blogspot.com/2005/11/ios-exploit-and-auditing-tools.html </li></ul><ul><li>http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml#details </li></ul><ul><li>http://www.milw0rm.com/exploits/ </li></ul><ul><li>http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml </li></ul>
  9. 9. Questions?

×