Your SlideShare is downloading. ×
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Cisco Router Hacking (Power Point)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cisco Router Hacking (Power Point)

2,399

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,399
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cisco Router Hacking Group 8 Vernon Guishard Kelvin Aguebor ECE 4112
  • 2. Introduction
    • Cisco Systems, Inc. sells networking and communications technology and services.
    • Cisco is known for creating the first commercially successful multi-protocol router.
    • March 2000, Cisco had the market capitalization of $500 billion.
    • Currently, it has a market cap of $175 billion, controls 58% of the market sale of routers.
    • The Cisco routers have been more likely to have attacks.
    • Large market share can lead to attacks being devastating for the internet.
  • 3. Identifying Routers and Vulnerabilities
    • Nmap is used to identify the router.
      • OS fingerprinting
    • Telnet is another solution to track down routers.
      • Trademark Cisco Banner “User Access Verification”
    • SING is used to identify the router.
      • It uses ICMP packets to find the router
    • Nessus can be used to find vulnerabilities.
  • 4. Cisco Vulnerabilities
    • Console Password Recovery
      • All Cisco routers and switches affected
      • Not regarded as a vulnerability
      • A way for System Admin to recover lost passwords
      • May be used by hackers who have physical access to machines
    • HTTP Configuration Arbitrary Administrative Access Vulnerability
      • Cisco IOS release 11.3 or higher, are vulnerable.
      • Attacker can gain access to a router without authentication
      • Attacker can completely control, change, and configure the device
      • http://10.0.1.252/level/99/exec/show/config
  • 5. Cisco Vulnerabilities
    • Router Denial of Service (DOS) Vulnerability
      • It affects all Cisco routers and switches from releases 11.1 through 12.1
      • Causes the routers and switches to stop forwarding packets on specific interface
      • IPv4 packets with protocol type of 53, 55, 77 or 103 causes input queue to be flagged as full
    • Telnet Buffer Overflow Vulnerability
      • Cisco Broadband Operating System (CBOS), an operating system for the Cisco 600 family of routers are vulnerable
      • Extremely long telnet passwords cause the router to crash then reboot
      • Attacker can repeat until fixed, causing a DOS
  • 6. Solutions to Vulnerabilities
    • Vulnerabilities know by Cisco and Patches Released
      • Most lingering vulnerabilities due to poor network administration
      • Upgrade Cisco IOS
      • Use access-list if not able to upgrade
      • TACAS or Radius effective in preventing HTTP vulnerability
  • 7. Lab Procedures
    • Section 1: Console Password Exploit
      • Using hyper terminal to access routers
      • Obtaining enable password and enable secret of the router
    • Section 2: Identifying Cisco Routers
      • Using NMAP and telnet to identify routers
    • Section 3: Network Exploits
      • Using the Cisco Global Exploit tool
      • Protecting against the Cisco Global Exploit tool
  • 8. References
    • http:// en.wikipedia.org/wiki/Terminal_emulator
    • http://www.securityfocus.com/infocus/1734
    • http://www.securityfocus.com/infocus/1749
    • http://secure-o-gram.blogspot.com/2005/11/ios-exploit-and-auditing-tools.html
    • http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml#details
    • http://www.milw0rm.com/exploits/
    • http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
  • 9. Questions?

×