Wednesday, February 28, 2007

Security Awareness

Check it out. Scanit is on the news again.

Monday, February 26, 2007

Don'ts for Cisco router p1

Just compiled a list of services I used to check when I audit a Cisco router. Of course, there are lots more, but for now, I will just provide the basics. Enjoy and email me if there are any questions.

no cdp enable (Disable cdp. It is susceptible to spoofing and DoS. Need Proof of Concept? Email me)

no ip unreachables (Disables ICMP unreachable messages)

no ip source-route (Disables source routing)

no service finger (Disables the finger daemon on the router. Finger has always been a problem source; it lets attackers know who is logged in and provides the user's real username)

no service udp-small-servers (Disables all small UDP and TCP services on your router (echo, chargen, and some others))

no service tcp-small-servers (Same as udp-small-servers)

no snmp-server (Disable SNMP if not in use. SNMP provides lotsa juicy info when being enumerated)

no ip http server (Disable the internal http web server of the Cisco devices)

no service config (Disables the loading of remote config files)

no ip bootp server (Disables the bootp server)

no tftp-server (Only enable this if you absolutely need the service, else disable it)

no ip directed-broadcast (Directed broadcasts allow smurf attacks)

no ip proxy-arp (Disable proxy-arp to prevent extending a LAN to multiple segments)
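
An added example (not part of the original post): a small Python audit that checks a saved configuration against the checklist above. It assumes that cdp enable, ip unreachables, ip directed-broadcast and ip proxy-arp are set under each interface and the rest are global, and it reports "not stated" when neither form of a command appears, since IOS leaves out lines that match the release's default. The function names and the sample config are constructed for illustration.

```python
import re

# Checklist commands from the post, grouped by the config scope they are set in.
GLOBAL = ["ip source-route", "service finger", "service udp-small-servers",
          "service tcp-small-servers", "snmp-server", "ip http server",
          "service config", "ip bootp server", "tftp-server"]
PER_INTERFACE = ["cdp enable", "ip unreachables", "ip directed-broadcast",
                 "ip proxy-arp"]

def split_sections(config):
    """Split a saved config into global lines and per-interface lines."""
    glob, ifaces, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # blank line or "!" separator
        if not line[0].isspace():         # unindented: a new top-level command
            m = re.match(r"interface (\S+)", line)
            current = ifaces.setdefault(m.group(1), []) if m else None
            if m is None:
                glob.append(line.strip())
        elif current is not None:         # indented line inside an interface
            current.append(line.strip())
    return glob, ifaces

def status(cmd, lines):
    """ENABLED if the positive form is present, disabled if 'no <cmd>' is."""
    if any(l == cmd or l.startswith(cmd + " ") for l in lines):
        return "ENABLED"
    return "disabled" if "no " + cmd in lines else "not stated"

def audit(config):
    """Return (scope, command, status) for every item not explicitly disabled."""
    glob, ifaces = split_sections(config)
    found = [("global", c, status(c, glob)) for c in GLOBAL]
    for name, lines in ifaces.items():
        found += [(name, c, status(c, lines)) for c in PER_INTERFACE]
    return [f for f in found if f[2] != "disabled"]

# Constructed sample config, not taken from a real device.
SAMPLE = """\
no ip source-route
snmp-server community EXAMPLE ro
interface Serial0/0
 no ip unreachables
 no ip proxy-arp
line vty 0 4
 login
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Anything reported as "not stated" still has to be checked against the defaults of the IOS release on that router.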

Saturday, February 24, 2007

Cisco Street Commands p1

Basic Cisco IOS Router Management

[ To save the current running configuration to the startup configuration in NVRAM, issue
cisco#copy running-config startup-config
Alternatively, you can also issue
cisco#write memory
The router's configuration information is stored in a device called the Nonvolatile RAM (NVRAM), and the IOS images are stored in a device called the flash. It's important to keep these names straight because all flash memory is nonvolatile RAM. Most routers use Flash technology for their nonvolatile RAM. So it's easy to get confused by the terms. ]

[ To load a configuration file via TFTP to the Router
cisco#copy tftp:// running-config
This will load the configuration file myconfig from TFTP server to the running-config of the Router. ]

[ To back up a copy of your router's config file to a TFTP server
If you are using a Unix system, please follow the steps below
1. touch /tftpboot/router1-confg (create an empty file for the router to write to)
2. chmod 666 /tftpboot/router1-confg (change the permission settings to read and write)
3. telnet or ssh into the router
4. enter into the enable mode
5. cisco#copy running-config tftp:// ]

[ Store files larger than NVRAM. You can compress your router's configuration file before saving it to NVRAM to allow you to save more configuration information. The command service compress-config will compress the configuration information when the router saves the file, and uncompress it when it is required.

cisco#configure t
cisco(config)#service compress-config

Turning on compression roughly doubles the size of the configuration file you can store. You have to put the command service compress-config into the configuration with a configure terminal. Then, for this command to take effect, you need to copy the running configuration file to NVRAM.

cisco#copy running-config startup-config

Issue the show version command to check how much total NVRAM storage is available on the router. ]

[ To reset the router to factory default state
cisco#erase nvram:
cisco#erase startup-config

Issue the show startup-config to check the settings. At this point, the router's configuration has been returned to the factory defaults. ]

[ To download a new IOS version into the router's flash memory
cisco#copy tftp:// flash:
Once the router has verified the checksum, reboot the router as follows:
cisco#reload
Use the show version command to see the new settings.
Make sure that the router has available free space in the flash before loading the new IOS image. You can use the show flash command to see how much flash memory is available. ]

[ To specify which IOS image the router should load next time it reboots, use the boot system command
cisco#configure terminal
cisco(config)#boot system flash:image1.bin
cisco(config)#boot system flash:image2.bin
cisco(config)#boot system slot0:image3.bin (PCMCIA flash card in slot0)
cisco(config)#boot system rom (Load the image from ROM)

To locate boot system commands, issue:
cisco#show running-config | include ^boot ]

[ You can partition a router's flash memory by issuing:
cisco#configure terminal
cisco(config)#partition slot1: 2 8 8
cisco(config)#end ]

[ You can configure your router to act as a TFTP server by issuing the following commands:
cisco#configure terminal
cisco(config)#access-list 23 permit
cisco(config)#access-list 23 deny any
cisco(config)#tftp-server flash:image1.bin 23

The ability to use a router as a TFTP server can be quite useful. We have often used this feature to upgrade several routers that are separated from the TFTP server by slow WAN connections. In situations like this, you can upgrade one of the remote routers by using TFTP over the slow WAN connection. Then you can configure the first router to act as a TFTP server, and use it to upgrade the remaining routers over high-speed local links. ]

[ Using FTP from the router
cisco#configure terminal
cisco(config)#ip ftp username cisco
cisco(config)#ip ftp password cisco123
cisco(config)#end
cisco#copy ftp: running-config ]

[ Reload the router with minimal service interruption. To enable warm reload, issue the commands as follows:
cisco#configure terminal
cisco(config)#warm-reboot

To view the configuration status of the warm reboot feature
cisco#show warm-reboot

To perform a manual warm reboot of the router
cisco#reload warm ]

[ To prevent multiple concurrent users from making configuration changes at the same time
cisco#configure terminal
cisco(config)#configuration mode exclusive auto

Show the status of the configuration lock by issuing the following command
cisco#show configuration lock ]

Friday, February 23, 2007

Cisco Headquarters

Cisco Headquarters. This blog will incorporate most of the core technology and their respective IOS commands to get the job done. I dedicate this blog to anyone who never had a chance to go to university, yet is hardworking and continues to strive.

My First Post

My first official post. I am not going to write exploits nor post vulnerabilities on this blog. Instead, I am going to post Cisco IOS commands that are frequently used to perform tasks. This will save network administrators the hassle of reading loads and loads of bulky documents. At times, I will also post free books, and all of you can send a request to my email to receive a copy. I will try my best to keep this blog updated with new commands and topics. Feel free to give comments.

Let's take network security to the streets....