Router Skullduggery The Utility of Network Devices for Attack and Defense Chris Davis Hivercon 2003
Contents <ul><li>Philosophical Preliminaries </li></ul><ul><li>Network Devices as Attackers </li></ul><ul><li>Network Devi...
1.1 Medieval Security Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defens...
1.2 Understanding Risk <ul><li>Risk is a function of the  likelihood  of a given  threat-source’s  exercising a particular...
1.3 Reducing Risk Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defense In...
1.4 Control Effectiveness <ul><li>A control’s effectiveness is measured by its ability to reduce an attack’s   probability...
2.1 Skullduggery <ul><li>skullduggery  (n. see also Scots sculduddery)   1. a devious device or trick, 2. underhanded or u...
2.2 Brief History of Attacks Part I <ul><li>ARP Poisoning </li></ul><ul><ul><li>Target:  Network switches. </li></ul></ul>...
2.3 Brief History of Attacks Part II <ul><li>Route Manipulation </li></ul><ul><ul><li>Target:  Network routers. </li></ul>...
2.4 Traffic Detection router# conf t router(config)# access-list 101 permit tcp any any router(config)# exit router# debug...
2.5 Sniffing via Syslog Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defe...
2.6 Sniffing on a Cisco (Ethernet) Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Atta...
2.7 Sniffing on a Cisco (Token-Ring) <ul><li>router#  debug ip packet <ACL> dump </li></ul><ul><li>2w3d: IP: s=10.20.40.1 ...
2.8 Passive Firewall Ruleset Enumeration <ul><li>Method:  Track any of the following: </li></ul><ul><ul><ul><li>Successful...
2.9 Firewall State Table Determination <ul><li>Method:  Track the following </li></ul><ul><ul><ul><li>Source and destinati...
2.10 Stealthy Network Mapping Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack an...
2.11 Packet Injection Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defens...
2.12 Connection Hijacking Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and De...
2.13 Sniffing via Telnet Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Def...
2.14 Blocked Tunnels Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defense...
2.15 Remote Switch Sniffing Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and ...
2.16 Switch Sniffing <ul><li>00:20:08: IP: s=169.254.151.9 (VLAN1), d=169.254.255.255, len 246, rcvd 1 </li></ul><ul><li>7...
3.1 Poor Man’s NIDS Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defense ...
3.2 Backtracking DoS Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defense...
3.3 Attack Reciprocation Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Def...
4.1 Jitney Chris Davis Hivercon 2003 Router Skullduggery:  The Utility of Network Devices for Attack and Defense
5.1 Management Interface Exposure <ul><li>Block Unauthorized Connections </li></ul><ul><li>Deny access to management inter...
5.2 Protecting Data <ul><li>Encrypt Sensitive Traffic </li></ul><ul><li>What more needs be said? </li></ul>Chris Davis Hiv...
5.3 Wishful Thinking <ul><li>Signed Configurations </li></ul><ul><ul><li>Higher Trust </li></ul></ul><ul><ul><li>Strong Au...
Links <ul><li>http:// www.giac.org/practical/Joshua_Wright_GCIH.zip   </li></ul><ul><li>http://www.phenoelit.de/tools/ </l...
Upcoming SlideShare
Loading in …5
×

Presentation(PPT)

1,744 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,744
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Woodcuts enabled communication to a large number of people. Since most people could not read, mass-produced pictures communicated information that would otherwise be unattainable. Image1: A witch inoculating a man by shooting a twig through his foot. From Ulrich Molitor&apos;s De lanijs et phitonicis mulieribus , Cologne, 1489. Image2: The Hans Holbein Dance of Death. He is mocking Death, by putting his finger in his mouth, and at the same time endeavoring to strike him with his bladder-bauble. Death smiling, and amused at his efforts, leads him away in a dancing attitude, playing on a bag-pipe. Image3: Cart carrying away the dead.
  • No presentation on any information security topic is complete without a discussion of the topic’s impact on risk.
  • These are attacks that apply to any TCP/IP-based network device. This is very brief.
  • These are attacks that apply to any TCP/IP-based network device. This is very brief.
  • Bear in mind that we need to focus on controls that have a high degree of assurance, i.e. controls that have not been shown to be vulnerable to attacks (see Cisco Secure ACS and TACACS+).
  • Presentation(PPT)

    1. 1. Router Skullduggery The Utility of Network Devices for Attack and Defense Chris Davis Hivercon 2003
    2. 2. Contents <ul><li>Philosophical Preliminaries </li></ul><ul><li>Network Devices as Attackers </li></ul><ul><li>Network Devices as Defenders </li></ul><ul><li>Jitney </li></ul><ul><li>Countermeasures </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    3. 3. 1.1 Medieval Security Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Viral epidemics Determination of risk is unscientific Users can be fools
    4. 4. 1.2 Understanding Risk <ul><li>Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability , and the resulting impact of that adverse event on the organization </li></ul><ul><li>NIST SP 800-30, Risk Management Guide for Information Technology Systems </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    5. 5. 1.3 Reducing Risk Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Inherent risk is the risk of a system in the absence of mitigating controls. Risk is reduced through the implementation of mitigating controls . The amount by which risk is reduced is determined by the control’s effectiveness against known vulnerabilities.
    6. 6. 1.4 Control Effectiveness <ul><li>A control’s effectiveness is measured by its ability to reduce an attack’s probability of success . </li></ul><ul><li>An attack’s probability of success is based upon </li></ul><ul><ul><li>Cost (cracking strong encryption) </li></ul></ul><ul><ul><li>Time (brute-force password guessing) </li></ul></ul><ul><ul><li>Visibility (Internet-accessible tcp/139) </li></ul></ul><ul><ul><li>Prerequisite knowledge (obfuscation) </li></ul></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    7. 7. 2.1 Skullduggery <ul><li>skullduggery (n. see also Scots sculduddery) 1. a devious device or trick, 2. underhanded or unscrupulous behavior. </li></ul><ul><li>Merriam-Webster Online Dictionary </li></ul><ul><li>( http://www.m-w.com ) </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    8. 8. 2.2 Brief History of Attacks Part I <ul><li>ARP Poisoning </li></ul><ul><ul><li>Target: Network switches. </li></ul></ul><ul><ul><li>Operating Layer: Ethernet </li></ul></ul><ul><ul><li>Method: Falsified ARP packets are frequently broadcasted to the local network, thereby causing hosts to send packets to the attack host. </li></ul></ul><ul><ul><li>Effect: The attacking host can read and modify data. </li></ul></ul><ul><ul><li>Tools: dsniff, Ettercap, Cain </li></ul></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Limitations </li></ul><ul><ul><li>Viewpoint: Local </li></ul></ul><ul><ul><li>Necessary Precision: Low </li></ul></ul><ul><ul><li>Detectability: High </li></ul></ul><ul><ul><li>Bandwidth: Moderate – High </li></ul></ul><ul><ul><li>Latency: Moderate </li></ul></ul>
    9. 9. 2.3 Brief History of Attacks Part II <ul><li>Route Manipulation </li></ul><ul><ul><li>Target: Network routers. </li></ul></ul><ul><ul><li>Operating Layer: TCP/IP </li></ul></ul><ul><ul><li>Method: The route table is modified to redirect packets through the attack host. </li></ul></ul><ul><ul><li>Effect: The attacking host can read and modify data. </li></ul></ul><ul><ul><li>Tools: VIPPR, IRPAS, RPAK, Policy Routing, IP Tunneling (GRE / IPIP) </li></ul></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Limitations </li></ul><ul><ul><li>Viewpoint: Local / Remote </li></ul></ul><ul><ul><li>Necessary Precision: Moderate </li></ul></ul><ul><ul><li>Detectability: High </li></ul></ul><ul><ul><li>Bandwidth: High </li></ul></ul><ul><ul><li>Latency: High </li></ul></ul>
    10. 10. 2.4 Traffic Detection router# conf t router(config)# access-list 101 permit tcp any any router(config)# exit router# debug ip packet 101 detail router# no debug ip packet 101 detail Initialize logging Confmode Exit Confmode Start Detection Stop Detection Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense 3w0d: IP: s=172.24.221.131 (Ethernet0), d=172.24.221.193 (Ethernet0), len 41, rcvd 3 3w0d: TCP src=36836, dst=23, seq=1517999349, ack=1908502442, win=12320 ACK PSH 3w0d: IP: s=172.24.221.193 (local), d=172.24.221.131 (Ethernet0), len 41, sending 3w0d: TCP src=23, dst=36836, seq=1908502442, ack=1517999350, win=3929 ACK PSH 3w0d: IP: s=172.24.221.131 (Ethernet0), d=172.24.221.193 (Ethernet0), len 40, rcvd 3 3w0d: TCP src=36836, dst=23, seq=1517999350, ack=1908502443, win=12320 ACK
    11. 11. 2.5 Sniffing via Syslog Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense router# conf t router(config)# logging trap debugging router(config)# logging facility local6 router(config)# logging <syslog server> router(config)# access-list 101 permit icmp any any echo echo-reply router(config)# exit router# debug ip packet 101 dump router# no debug ip packet 101 dump Initialize logging Configuration Mode Set ACLs Exit Confmode Start Sniffing Stop Sniffing
    12. 12. 2.6 Sniffing on a Cisco (Ethernet) Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense router# debug ip packet <ACL> dump 2w3d: IP: s=172.24.221.193 (local), d=172.24.221.10 (Ethernet0), len 84, sending 00607060: 0010 7B385DF6 ..{8]v 00607070: 020006E3 66BA0800 45000054 00004000 ...cf:..E..T..@. 00607080: FF0168AB AC18DDC1 AC18DD0A 0000EB86 ..h+,.]A,.]...k. 00607090: 950A0100 F4A6963F FA840E00 08090A0B ....t&.?z....... 006070A0: 0C0D0E0F 10111213 14151617 18191A1B ................ 006070B0: 1C1D1E1F 20212223 24252627 28292A2B .... !&quot;#$%&'()*+ 006070C0: 2C2D2E2F 30313233 34353637 86 ,-./01234567.
    13. 13. 2.7 Sniffing on a Cisco (Token-Ring) <ul><li>router# debug ip packet <ACL> dump </li></ul><ul><li>2w3d: IP: s=10.20.40.1 (Virtual-TokenRing0), d=10.20.40.1 (Virtual-TokenRing0), len 100, rcvd 3 </li></ul><ul><li>00630620: 0040 40000000 00074000 .@@.....@. </li></ul><ul><li>00630630: 00000007 AAAA0300 00000800 45000064 ....**......E..d </li></ul><ul><li>00630640: 00630000 FF01570C 0A142801 0A142801 .c....W...(...(. </li></ul><ul><li>00630650: 0000F0AF 21B52663 00000000 57E5F59C ..p/!5&c....Weu. </li></ul><ul><li>00630660: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M </li></ul><ul><li>00630670: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M </li></ul><ul><li>00630680: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M </li></ul><ul><li>00630690: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M </li></ul><ul><li>006306A0: 20 </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    14. 14. 2.8 Passive Firewall Ruleset Enumeration <ul><li>Method: Track any of the following: </li></ul><ul><ul><ul><li>Successful TCP handshakes </li></ul></ul></ul><ul><ul><ul><li>Matching ingress and egress UDP traffic </li></ul></ul></ul><ul><ul><ul><li>ICMP packets (and their associated </li></ul></ul></ul><ul><ul><ul><ul><li>responses) </li></ul></ul></ul></ul><ul><ul><ul><li>IP protocols </li></ul></ul></ul><ul><li>Effect: The attacking host can passively </li></ul><ul><li>determine a good portion of the firewall’s </li></ul><ul><li>ruleset. </li></ul><ul><li>Detectability: Very low </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    15. 15. 2.9 Firewall State Table Determination <ul><li>Method: Track the following </li></ul><ul><ul><ul><li>Source and destination IP addresses </li></ul></ul></ul><ul><ul><ul><li>TCP header data: flags, sequence numbers, </li></ul></ul></ul><ul><ul><ul><li>window sizes, source and destination ports </li></ul></ul></ul><ul><ul><ul><li>UDP source and destination ports </li></ul></ul></ul><ul><ul><ul><li>ICMP types and codes </li></ul></ul></ul><ul><li>Effect: The attacking host can determine the </li></ul><ul><li>active connections permitted by the </li></ul><ul><li>firewall, including internally originated </li></ul><ul><li>traffic. </li></ul><ul><li>Detectability: Very low </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    16. 16. 2.10 Stealthy Network Mapping Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Method: </li></ul><ul><ul><li>Reroute any valid connection through the </li></ul></ul><ul><ul><li>attacking host using IP tunneling and </li></ul></ul><ul><ul><li>policy routing. </li></ul></ul><ul><ul><li>Initially set the TTL on any ingress packet </li></ul></ul><ul><ul><li>to one and send to the destination host. </li></ul></ul><ul><ul><li>Sniff any ICMP type 11 (time exceeded) </li></ul></ul><ul><ul><li>messages destined for the client host, </li></ul></ul><ul><ul><li>increment the TTL, and resend. </li></ul></ul><ul><ul><li>Once the destination responds, </li></ul></ul><ul><ul><li>shutdown the tunnel. </li></ul></ul><ul><li>Effect: The attacking host can map the internal </li></ul><ul><li>network using authorized connections. </li></ul><ul><li>Detectability: Low </li></ul>
    17. 17. 2.11 Packet Injection Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Method: </li></ul><ul><ul><li>Reroute any valid connection through the </li></ul></ul><ul><ul><li>attacking host using IP tunneling and </li></ul></ul><ul><ul><li>policy routing. </li></ul></ul><ul><ul><li>Modify packet contents as needed for </li></ul></ul><ul><ul><li>either the client or server. </li></ul></ul><ul><ul><li>Teardown tunnel when done. </li></ul></ul><ul><li>Effect: The attacking host can replace </li></ul><ul><li>data with false information or malicious </li></ul><ul><li>code. </li></ul><ul><li>Detectability: Moderate </li></ul>
    18. 18. 2.12 Connection Hijacking Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Method: </li></ul><ul><ul><li>Reroute any valid connection through the </li></ul></ul><ul><ul><li>attacking host using IP tunneling and </li></ul></ul><ul><ul><li>policy routing. </li></ul></ul><ul><ul><li>Track session parameters. </li></ul></ul><ul><ul><li>Block client access at the router or </li></ul></ul><ul><ul><li>attack host. </li></ul></ul><ul><ul><li>Using last-known good session </li></ul></ul><ul><ul><li>parameters, continue the connection </li></ul></ul><ul><ul><li>with the destination host. </li></ul></ul><ul><li>Effect: The attacking host can take complete </li></ul><ul><li>control of a connection. </li></ul><ul><li>Detectability: Moderate - High </li></ul>
    19. 19. 2.13 Sniffing via Telnet Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense router# conf t router(config)# logging monitor debugging router(config)# access-list 101 permit icmp any any echo echo-reply router(config)# service nagle router(config)# exit router# terminal monitor router# debug ip packet 101 dump router# no debug ip packet 101 dump Configuration Mode Terminal Monitoring Set ACLs Exit Confmode Start sniffing Stop Sniffing Terminal Monitoring Telnet Efficiency
    20. 20. 2.14 Blocked Tunnels Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Limitations: The border firewall blocks GRE (47) and IPIP (94) protocols, thereby preventing simple route manipulation attacks. Target: Internal routers. Method: Sniff packets on internal router by dumping packets to the terminal. Effect: Traffic on internal networks can be sniffed directly or via compromised hosts. Detectability: Moderate
    21. 21. 2.15 Remote Switch Sniffing Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Limitations: Router security prevents compromise. Target: Network switches. Method: Sniff packets on switch by dumping packets to the terminal. Effect: Traffic on internal networks can be sniffed directly or via compromised hosts. Detectability: Moderate
    22. 22. 2.16 Switch Sniffing <ul><li>00:20:08: IP: s=169.254.151.9 (VLAN1), d=169.254.255.255, len 246, rcvd 1 </li></ul><ul><li>7004FF50: FFFF .. </li></ul><ul><li>7004FF60: FFFFFFFF 00096B86 FFB60800 450000F6 ......k..6..E..v </li></ul><ul><li>7004FF70: 050C0000 801149E5 A9FE9709 A9FEFFFF ......Ie)~..)~.. </li></ul><ul><li>7004FF80: 008A008A 00E2069E 110E80CD A9FE9709 .....b.....M)~.. </li></ul><ul><li>7004FF90: 008A00CC 00002046 41454945 4D455046 ...L.. FAEIEMEPF </li></ul><ul><li>7004FFA0: 44464443 41434143 41434143 41434143 DFDCACACACACACAC </li></ul><ul><li>7004FFB0: 41434143 41434100 20464845 50464345 ACACACA. FHEPFCE </li></ul><ul><li>7004FFC0: 4C454846 43455046 46464143 41434143 LEHFCEPFFFACACAC </li></ul><ul><li>7004FFD0: 41434143 41434142 4E00FF53 4D422500 ACACACABN..SMB%. </li></ul><ul><li>7004FFE0: 00000000 00000000 00000000 00000000 ................ </li></ul><ul><li>7004FFF0: 00000000 00000000 00001100 00320000 .............2.. </li></ul><ul><li>70050000: 00000000 000000E8 03000000 00000000 .......h........ </li></ul><ul><li>70050010: 00320056 00030001 00000002 0043005C .2.V.........C. </li></ul><ul><li>70050020: 4D41494C 534C4F54 5C42524F 57534500 MAILSLOTBROWSE. </li></ul><ul><li>70050030: 010080FC 0A005048 4C4F5353 00006600 ...|..PHLOSS..f. </li></ul><ul><li>70050040: 74000000 35000501 03120100 0F0155AA t...5.........U* </li></ul><ul><li>70050050: 476F6F64 206F7261 6C206879 6765696E Good oral hygein </li></ul><ul><li>70050060: 650020 e. </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    23. 23. 3.1 Poor Man’s NIDS Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Applicability: Small remote networks where it is cost-prohibitive to install a dedicated NIDS sensor. Method: Sniff all traffic matching the ‘default deny’ rule on the border router. Security Benefit An attacker’s initial attempts will be caught by a NIDS sensor. Bandwidth Consumption: 2*(Attack Traffic) Effectiveness: Will only provide early waning signs such as port scans, traceroutes. Increasing Effectiveness: Dynamically reroute traffic through NIDS based on early warning signs. Limitations: Cannot inspect authorized traffic.
    24. 24. 3.2 Backtracking DoS Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Applicability: Bandwith-consumption DoS attacks. Method: Start with the routers nearest to the DoS target. Reroute DoS target traffic to an analysis host using GRE or IPIP tunnels. Determine which router forwards the most DoS traffic, then proceed to analyze the next hop beyond that router. Continue until the source of the attack is determined. Security Benefit: The DoS source network can be identified and traffic flow can be blocked. Normal operations can thereby resume. Effectiveness: Depends on analysis engine implementation. Theoretically, the DoS source could be identified within minutes. Limitations: Does not identify DoS traffic.
    25. 25. 3.3 Attack Reciprocation Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Applicability: Targeted attacks. Method: Once an attack is identified, reroute the attacker through the reciprocating host. Provide bogus data to the attacker, possibly even malicious code that the attacker may execute. Security Benefit: Valuable information about the attacker can be captured for the purposes of investigation. Effectiveness: Depends on the effort given to make reciprocation transparent to the attacker. This type of response should is only feasible for very high criticality systems. Limitations: Depends heavily on the ability to identify active attacks and the creativity of the reciprocating security team.
    26. 26. 4.1 Jitney Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    27. 27. 5.1 Management Interface Exposure <ul><li>Block Unauthorized Connections </li></ul><ul><li>Deny access to management interfaces at the border and at any access point (router, switch, firewall, etc). </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense Block All Connections Only allow network management connections via a terminal server.
    28. 28. 5.2 Protecting Data <ul><li>Encrypt Sensitive Traffic </li></ul><ul><li>What more needs be said? </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense
    29. 29. 5.3 Wishful Thinking <ul><li>Signed Configurations </li></ul><ul><ul><li>Higher Trust </li></ul></ul><ul><ul><li>Strong Authentication </li></ul></ul><ul><ul><li>PKI integration (inter-ISP traffic control?) </li></ul></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense <ul><li>Reduced IOS Builds </li></ul><ul><ul><li>Excludes debugging functionality </li></ul></ul>Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IO-L-NODEBUG), Version 12.0(9), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Mon 24-Jan-04 23:45 by bettyl Image text-base: 0x030325B0, data-base: 0x00001000
    30. 30. Links <ul><li>http:// www.giac.org/practical/Joshua_Wright_GCIH.zip </li></ul><ul><li>http://www.phenoelit.de/tools/ </li></ul><ul><li>http:// www.phrack.org/show.php?p =56&a=10 </li></ul>Chris Davis Hivercon 2003 Router Skullduggery: The Utility of Network Devices for Attack and Defense

    ×