How discovers Cisco router |http://www.cshu.net




                               About us 
                               Commercial cooperation 
                               Copyright declaration 
                               Contacts with us 



            Returns to the home pageArticle browsingOther columnsLands the forum


            |   The absolute &#21019;   |   |   hacker file   |   |   is newest 
            dynamically   |   
                  How  | the hackerfile>> invasionanalysis >> discovers the 
                  Cisco router  Printing

            How discovers the Cisco router
            Www.cshu.net  2003-1-19  fog rain village 

              Occupies 70% market share Cisco router to have a kind of problem, 
              for instance IOSLOGON, with HISTORY bug, causes the user to be 
              allowed easily long-distance to distinguish Cisco the router 
              product. Its uses the port is 1999: 
              >tcp-id-port 1999/tcp cisco identification port
              >tcp-id-port 1999/udp cisco identification port
              Generally, moves the IOS code Cisco product to 1,999 ports to 
              request makes the response and other ports are different, for 
              instance 2000:
              [ Computer ] [ Cisco ]
              SYN port 2,000 --------> 
              <-------- RST, ACK
              ..................
              [ Computer ] [ Cisco ]
              SYN port 1,999 --------> 
              In the general response package personally meets has contains 
              "Cisco" character information <------- RST, ACK
              This enables the people to be allowed to find the Cisco router
              Through uses to scan the tool to scan the big section IP address 
              the procedure, even if cisco switches off the telnet port, the 
              people also may very easily discover which are is running
              Cisco network product. Already some people developed specially 
              searched the cisco router the tool.
              Certainly, if you knew some address is the router, the login 
              prompt or "nmap -O" can tell you it is the Cisco router. But 1,999 
              ports problems actually may let the people obtain a Cisco router 
              distribution with the aid of the tool the detailed list.
              Solution:
              Blocks TCP correspondence which on 1,999 all comes in
              Actually this only is a part, a more serious problem which Cisco 
              faces is (CDP) causes by Cisco Discover protocol, port 
              1,999 merely tells the others the router is any sign, but Cisco 
              Discover 
              Protocol (CDP) causes it always previous periodically to broadcast 
              some information to Lan, including uses software the information 
              and the edition, uses the operating system type with the machine, 
              but also can demonstrate the neighboring CDP equipment tabulating.
              The correlation two problems, please refer:
              Http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
              Http://www.cisco.com/warp/public/770/ioshist-pub.shtml
              Note: A IOs problem
              The Cisco router 514 ports (syslog) accommodates very much 
              vulnerable, so long as sends some wrong UDP package to be allowed 
              to let the router service collapse or hang up
              Cisco moves the IOs product to have;
              * Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, ubr9xx, 
              1xxx,
              25xx, 26xx, 30xx, 36xx, 38xx, 40xx, 45xx, 47xx, AS52xx, AS53xx, 
              AS58xx,
              64xx, 70xx, 72xx (including the ubr72xx), 75xx, and 12xxx series.
              * Most recent versions of the LS1010 ATM switch.
              * Some versions of the Catalyst 2900XL LAN switch.
              * The Cisco DistributedDirector. 



              Original author: N/a 
              Origin: N/a 
              Altogether has 85 readers to read this article 

              [Tells friend] 
            Previous article:Xynph FTP the Server relative way table of contents 
            spreads the calendar loophole 

            Next article:High-level cushion overflow use 

            - this week popular article - related article 
            How discovers the Cisco router



      CSHU 
