
RE: [Full-Disclosure] cisco acl



You can issue "show ip access-lists" to show the current access-lists 
configured on your router.

Also "show running-config" displays the current loaded config in RAM.

"show running-config | begin access-list" will take you to the portion of the 
config where your access list entries begin.

You should configure AAA and TACACS+ on your routers; this way you can see when 
certain commands were issued, such as "enable secret <new password>" etc., from your 
accounting logs.

TACACS+ gives you centralised control of username and passwords for your 
routers / switches, as well as other stuff. 

You can have the tac_plus binary running on a locked down server, or two 
servers for redundancy.

This would make it difficult for someone to change username and passwords. If 
AAA is configured correctly, they would first have to stop your router talking 
tacacs to your tacacs server, then try and guess the local username and password.

tac_plus is a freeware tacacs server available on cisco.com.

Hope this helps.

Paddy

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of isa vaul
Sent: 05 December 2003 12:46
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] cisco acl


Hello full-disclosure,

  I've got a little problem with a cisco router.
  It has obviously been compromised. How do I know? Well, the password
  has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
  to see what else maybe got compromised.
  Does anyone know how this could be done?

  thanks for any suggestions in advance...
-- 
Best regards,
 nonleft                          mailto:nonleft@gmx.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
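
Added example (not part of the original post, and not code from Cisco or the tac_plus project): a Python sketch of the accounting-log review the reply describes, flagging credential and AAA changes such as "enable secret". It assumes the tab-separated tac_plus accounting layout (time, NAS, user, port, remote address, flag, then attribute=value pairs including cmd=); the sample records, addresses, usernames and the pattern list are constructed for illustration.

```python
import re

# Editor's assumption: config commands worth flagging because they change
# credentials or detach the router from its TACACS+ server.
SENSITIVE = re.compile(
    r"^(no\s+)?(enable\s+(secret|password)|username\s+\S+|aaa\s+|tacacs-server\s+)",
    re.IGNORECASE,
)
FIELDS = ("time", "nas", "user", "port", "remote", "flag")

def parse_record(line):
    """Split one accounting record into fixed fields plus attribute=value pairs."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < len(FIELDS):
        return None  # truncated or foreign line
    rec = dict(zip(FIELDS, parts))
    for av in parts[len(FIELDS):]:
        key, sep, value = av.partition("=")
        if sep:
            rec[key] = value
    return rec

def redact(cmd):
    """Keep the new secret out of the report; the log may hold it in clear."""
    return re.sub(r"(?i)\b(secret|password)\b.*", r"\1 <redacted>", cmd)

def flag_sensitive(lines):
    """Return (time, nas, user, remote, command) for each sensitive command."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if not rec or "cmd" not in rec:
            continue
        cmd = rec["cmd"].replace("<cr>", "").strip()
        if SENSITIVE.match(cmd):
            hits.append((rec["time"], rec["nas"], rec["user"], rec["remote"], redact(cmd)))
    return hits

# Constructed sample records (documentation addresses, made-up users).
COMMON = "\tservice=shell\tpriv-lvl=15\tcmd="
SAMPLE = [
    "Dec  5 12:31:07\t192.0.2.1\tnetadmin\ttty2\t198.51.100.7\tstop\ttask_id=41" + COMMON + "show ip access-lists <cr>",
    "Dec  5 12:40:12\t192.0.2.1\tops\ttty3\t203.0.113.50\tstop\ttask_id=42" + COMMON + "enable secret Example123 <cr>",
    "Dec  5 12:40:30\t192.0.2.1\tops\ttty3\t203.0.113.50\tstop\ttask_id=43" + COMMON + "no tacacs-server host 192.0.2.10 <cr>",
    "truncated line",
]

if __name__ == "__main__":
    for hit in flag_sensitive(SAMPLE):
        print(" | ".join(hit))
```
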
