
Router forensics

a presentation on router forensics,and some basics of router

Published in: Engineering

Router forensics

  1. TARUNA SINGH 1208213035
  2. AGENDA
     - Introduction
     - Overview of Routers
     - Router Attack Topology
     - Common Router Attacks
     - Performing Forensics
     - Incident Investigation
     - Accessing the Router
     - Documentation
     - What are the "BAD GUYS" doing
     - What are the "GOOD GUYS" doing
     - Why do we need to protect Router Resources
     - Why do we need Router Forensics
  3. INTRODUCTION: Router forensics is the application of proven scientific methods and techniques to recover data from routers after an intruder attack and to apply forensic handling to it (law enforcement, documentation of the incident).
  4. WHAT IS A ROUTER? A computer that specializes in sending packets over the data network. Routers interconnect networks by selecting the best path for each packet to travel to its destination.
  5. HOW DOES A ROUTER WORK? Routers forward data packets from one router to another, using routing protocols and the routing table to choose the optimum path. The routing table may contain various fields.
  6. COMMUNICATION WITH ROUTERS
     - Through a local cable
     - Through a modem
     - Through terminal emulation software
  7. ROUTER COMPONENTS
     - ROM
     - POST
     - IOS
     - RAM
     - Flash memory
     - NVRAM
  8. PORTS ON A ROUTER
     - LAN ports
     - WAN ports
     - Administrative ports
       - Console ports
       - Auxiliary ports
  9. MODES OF A ROUTER
     - Setup mode
     - User mode
     - Privileged mode
     - Global configuration mode
     - Interface mode
  10. ROUTER ATTACK TOPOLOGY
     - Reconnaissance
     - Scanning and enumeration
     - Gaining access
     - Escalation of privilege
     - Maintaining access
     - Covering tracks and placing backdoors
  11. COMMON ROUTER ATTACKS
     - Denial of Service attacks
     - Packet mistreating attacks
     - Routing table poisoning
     - Hit and run attacks
     - Persistent attacks
  12. PERFORMING FORENSICS
     - Collection
     - Examination
     - Analysis
     - Reporting
  13. GATHER VOLATILE ROUTER DATA
     - Connect to the console port; this needs a console cable and a laptop with terminal emulation software.
     - Record the system time and determine who is logged on.
     - Save the router configuration.
     - Review the routing table to detect malicious static routes modified by the attacker.
     - View the ARP cache for evidence of IP or MAC spoofing.
  14. INCIDENT INVESTIGATION
     - Direct compromise: via physical access, listening services, password guessing, TFTP, console access.
     - Routing table manipulation: by modifying routing protocols (RIP, IGRP); review the routing table with "show ip route".
     - Theft of information: via access control and network topology.
     - DoS: resource and bandwidth consumption reduces functionality and network bandwidth.
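Slides 13 and 14 say to review the routing table for static routes the attacker added and the ARP cache for signs of IP or MAC spoofing. The script below is an added example, not part of the presentation: it parses constructed (not real-device) "show ip route" and "show arp" output captured from a console session and compares it with a documented baseline. The baseline dictionaries, the sample addresses and the column layout assumed for the ARP table are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample of "show ip route" console output (not from a real router).
SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, R - RIP, O - OSPF, * - candidate default
Gateway of last resort is 203.0.113.1 to network 0.0.0.0

S*   0.0.0.0/0 [1/0] via 203.0.113.1
C    192.168.10.0/24 is directly connected, GigabitEthernet0/1
C    203.0.113.0/24 is directly connected, GigabitEthernet0/0
R    10.20.0.0/16 [120/1] via 192.168.10.2, 00:00:12, GigabitEthernet0/1
S    198.51.100.0/24 [1/0] via 192.168.10.77
"""

# Constructed sample of "show arp" console output (not from a real router).
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   0011.2233.4455  ARPA   GigabitEthernet0/1
Internet  192.168.10.2            3   00aa.bbcc.dd01  ARPA   GigabitEthernet0/1
Internet  192.168.10.50           1   00aa.bbcc.dd01  ARPA   GigabitEthernet0/1
Internet  192.168.10.77           0   0022.4466.88aa  ARPA   GigabitEthernet0/1
"""

# Assumed baselines taken from the last known-good configuration / asset inventory.
ROUTE_BASELINE = {"0.0.0.0/0": "203.0.113.1"}          # documented static routes
ARP_BASELINE = {"192.168.10.2": "00aa.bbcc.dd01",      # documented IP -> MAC pairs
                "192.168.10.77": "0033.5577.99bb"}

# Route lines that carry a next hop: <code> <prefix/len> ... via <next-hop>.
# Multi-word codes such as "O IA" are skipped; static routes are "S" or "S*".
ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+).*?\bvia\s+"
    r"(?P<nh>\d+\.\d+\.\d+\.\d+)")


def parse_routes(text):
    """Return (code, prefix, next_hop) for every route line that names a next hop."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.append((m["code"], m["prefix"], m["nh"]))
    return routes


def suspicious_static_routes(text, baseline):
    """Static routes absent from, or pointing elsewhere than, the documented baseline."""
    return [(prefix, nh) for code, prefix, nh in parse_routes(text)
            if code.startswith("S") and baseline.get(prefix) != nh]


def parse_arp(text):
    """Return {ip: mac} from the ARP table (assumed column order of 'show arp')."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "Internet":
            entries[fields[1]] = fields[3].lower()
    return entries


def arp_anomalies(text, baseline):
    """Two spoofing indicators: one MAC answering for several IPs, and a
    documented IP whose MAC differs from the baseline. Both are leads to
    corroborate (secondary addresses and proxy ARP are legitimate causes)."""
    entries = parse_arp(text)
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    changed = {ip: (baseline[ip], mac) for ip, mac in entries.items()
               if ip in baseline and baseline[ip] != mac}
    return shared, changed


if __name__ == "__main__":
    print("undocumented static routes:", suspicious_static_routes(SHOW_IP_ROUTE, ROUTE_BASELINE))
    shared, changed = arp_anomalies(SHOW_ARP, ARP_BASELINE)
    print("MAC shared by several IPs:", shared)
    print("IP whose MAC changed:", changed)
```

Run it on a saved console transcript rather than on the live router: the slides' "DO record your entire console session" gives you the text file, and the analysis can then be repeated later without touching volatile state.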
  15. Contd... FOR RECOVERY:
     - Eliminate listening services
     - Upgrade the software
     - Restrict access
     - Authentication
     - Change all passwords
     - Avoid password reuse
     - Remove static routing entries
  16. ACCESSING THE ROUTER
     DO
     - Access the router through the console
     - Record your entire console session
     - Run show commands
     - Record the actual time and the router's time
     - Record the volatile information
     DON'T
     - REBOOT THE ROUTER
     - Access the router through the network
     - Run configuration commands
     - Rely only on persistent information
  17. DOCUMENTATION
     - Chain of custody: to prove the integrity of the evidence.
     - Case reports: employee remediation, employee termination, civil proceedings, criminal prosecution, case summary, bookmarks.
     - Incident response: the effort of an organisation to define and document the nature and scope of a computer security incident.
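Slide 16 says to record both the examiner's time and the router's time, and slide 17 says the chain of custody must prove the integrity of the evidence. The following is an added example, not material from the presentation: it builds a small evidence manifest for the console captures gathered from a router, hashing each artifact with SHA-256, recording the clock skew between router and examiner, and letting a later reviewer verify that the files are unchanged. The case id, examiner name, timestamps and artifact contents are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact's bytes; the value recorded in the manifest."""
    return hashlib.sha256(data).hexdigest()


def record_artifact(name: str, content: bytes, collected_at: datetime, examiner: str) -> dict:
    """One manifest entry: what was collected, when, by whom, and its hash."""
    return {
        "name": name,
        "size": len(content),
        "sha256": sha256_hex(content),
        "collected_at": collected_at.isoformat(),
        "collected_by": examiner,
    }


def build_manifest(case_id: str, examiner: str, examiner_time: datetime,
                   router_time: datetime, artifacts: dict) -> dict:
    """Manifest for a set of {filename: bytes} console captures.

    clock_skew_seconds is router time minus examiner time, so log timestamps
    taken from the router can later be aligned with external evidence."""
    skew = (router_time - examiner_time).total_seconds()
    return {
        "case_id": case_id,
        "examiner_time": examiner_time.isoformat(),
        "router_time": router_time.isoformat(),
        "clock_skew_seconds": skew,
        "artifacts": [record_artifact(name, data, examiner_time, examiner)
                      for name, data in sorted(artifacts.items())],
        # Custody log: every hand-over appends an entry rather than editing one.
        "custody": [{"action": "collected", "by": examiner,
                     "at": examiner_time.isoformat()}],
    }


def verify_manifest(manifest: dict, artifacts: dict) -> list:
    """Names of artifacts that are missing or whose hash no longer matches."""
    bad = []
    for entry in manifest["artifacts"]:
        data = artifacts.get(entry["name"])
        if data is None or sha256_hex(data) != entry["sha256"]:
            bad.append(entry["name"])
    return bad


# Constructed sample captures, as saved from a recorded console session.
SAMPLE_ARTIFACTS = {
    "show_clock.txt": b"*14:05:02.119 UTC Tue Mar 4 2014\n",
    "show_users.txt": b"    Line       User       Host(s)  Idle  Location\n*  0 con 0             idle     00:00:00\n",
    "show_ip_route.txt": b"S    198.51.100.0/24 [1/0] via 192.168.10.77\n",
}
EXAMINER_TIME = datetime(2014, 3, 4, 14, 3, 32, tzinfo=timezone.utc)   # constructed
ROUTER_TIME = EXAMINER_TIME + timedelta(seconds=90)                      # constructed


def example_manifest() -> dict:
    return build_manifest("CASE-EXAMPLE-001", "examiner@example.org",
                          EXAMINER_TIME, ROUTER_TIME, SAMPLE_ARTIFACTS)


if __name__ == "__main__":
    manifest = example_manifest()
    print(json.dumps(manifest, indent=2))
    print("tampered:", verify_manifest(manifest, SAMPLE_ARTIFACTS))
```

Store the manifest separately from the captures (and hash the manifest itself when it changes hands); the custody list grows with every transfer, which is what the "chain" in chain of custody records.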
  18. WHAT THE "BAD GUYS" ARE DOING
     - Internet Router Protocol Attack Suite (IRPAS): a suite of tools designed to abuse inherent design insecurity in routers and routing protocols. Tools: ass, igrp, hsrp.
     - VIPPR: can be used to establish a MITM position using compromised routers.
     - UltimaRatio: working exploit tool for use against 1000, 1600/1700 and 2600 series routers.
     - Research
  19. WHAT THE GOOD GUYS ARE DOING
     - Router Audit Tool (RAT): written in Perl, highly customizable; a passive tool that analyzes a Cisco router and scores its overall security; supports Unix and Windows systems.
     - Books and white papers on securing routers.
     - Employ strong authentication: encrypted management traffic, two-phase authentication, a centralised authentication source.
  20. WHY WE NEED TO PROTECT ROUTER RESOURCES
     - Often the "heart" of the network
     - Gaining a lot more attention from attackers
     - Few procedures on hardening routers
     - Routers are much slower to get upgraded to fix security bugs
     - Few people monitor their configurations regularly
     - Few security measures in place
     - There are millions of them
  21. NEED FOR ROUTER FORENSICS
     - Operational troubleshooting
     - Log monitoring
     - Data recovery
     - Data acquisition
     - Due diligence / regulatory compliance
