Hacking Exposed Cisco Networks 

1 2 3

• 1. Hacking Exposed Cisco Networks: Cisco Security Secrets Solutions

• 2. Back Cover

• 3. About

• 4. Foreword

• 5. Case Study

• 6. Introduction

  THE PECULIARITIES AND HARDSHIPS OF CISCO-RELATED ATTACKS AND DEFENSES

• 7. ALL THE POWER OF HACKING EXPOSED AND MORE

  ALL THE POWER OF HACKING EXPOSED AND MORE Easy to Navigate The Companion Web Site

• 8. HOW THE BOOK IS ORGANIZED

  HOW THE BOOK IS ORGANIZED Part I. Foundations Part II. I Am Enabled: Hacking the Box Part III. Protocol Exploitation in Cisco Networking Environments Part IV. Appendixes

• 9. A FINAL MESSAGE TO OUR READERS

  A FINAL MESSAGE TO OUR READERS

• 10. Part I: Foundations

  Chapter List

• 11. Chapter 1: Cisco Network Design Models and Security Overview

  OVERVIEW

• 12. CISCO NETWORK DESIGN MODELS: A SECURITY PERSPECTIVE

  CISCO NETWORK DESIGN MODELS: A SECURITY PERSPECTIVE The Flat Earth Model The Star Model The Two-Tier Model The Ring Model The Mesh and Partial Mesh Model Network Security Zones IDS Sensor Deployment Guidelines

• 13. CISCO HIERARCHICAL DESIGN AND NETWORK SECURITY

  CISCO HIERARCHICAL DESIGN AND NETWORK SECURITY The Core Layer The Distribution Layer The Access Layer

• 14. SUMMARY

  SUMMARY

• 15. Chapter 2: Cisco Network Security Elements

  OVERVIEW

• 16. COMMON CISCO DEVICE SECURITY FEATURES

  COMMON CISCO DEVICE SECURITY FEATURES

• 17. CISCO FIREWALLS

  how to bypass cisco packet blocking for online game

• 18. CISCO SECURE IDS AND ATTACK PREVENTION

  CISCO SECURE IDS AND ATTACK PREVENTION Hardware Standalone IDS Sensors Modular IDS Sensors Cisco IOS IDS Software Cisco PIX Firewalls as IDS Sensors Cisco Traffic Anomaly Detector XT 5600 Cisco Secure IDS Management Consoles

• 19. CISCO VPN SOLUTIONS

  CISCO VPN SOLUTIONS IPSec PPTP

• 20. CISCO AAA AND RELATED SERVICES

  CISCO AAA AND RELATED SERVICES Overview of AAA Methodology Cisco and AAA

• 21. SECURITY IMPLICATIONS OF CISCO INTERNETWORK DESIGN AND SECURITY ELEMENTS

  SECURITY IMPLICATIONS OF CISCO INTERNETWORK DESIGN AND SECURITY ELEMENTS

• 22. SUMMARY

  SUMMARY

• 23. Chapter 3: Real-World Cisco Security Issues

  OVERVIEW

• 24. WHY DO HACKERS WANT TO ENABLE YOUR BOX?

  WHY DO HACKERS WANT TO ENABLE YOUR BOX? What Attackers Gain

• 25. CISCO APPLIANCES AND NETWORKS: AN ATTACKER S PERSPECTIVE

  CISCO APPLIANCES AND NETWORKS: AN ATTACKER S PERSPECTIVE Attacking Network Protocols Hiding Tracks and Forensics on Routers and Switches

• 26. CISCO NETWORK DEVICE SECURITY AUDITING AND PENETRATION TESTING FOUNDATIONS

  CISCO NETWORK DEVICE SECURITY AUDITING AND PENETRATION TESTING FOUNDATIONS The Evaluation Process

• 27. SUMMARY

  SUMMARY

• 28. Part II: I Am Enabled-- Hacking the Box

  Chapter List

• 29. Chapter 4: Profiling and Enumerating Cisco Networks

  ONLINE SEARCHING AND CISCO GOOGLEDORKS Basic Searching Searching Using Google Operators

• 30. ROUTING ENUMERATION

  ROUTING ENUMERATION Autonomous System Discovery and Mapping: BGPv4 Interrogation

• 31. ROUTING DOMAIN NUMBER DISCOVERY AND NETWORK MAPPING FOR IGPS

  ROUTING DOMAIN NUMBER DISCOVERY AND NETWORK MAPPING FOR IGPS Enumerating OSPF Analyzing OSPF Enumeration Data Countermeasures for IGP Enumeration

• 32. SUMMARY

  SUMMARY

• 33. Chapter 5: Enumerating and Fingerprinting Cisco Devices

  OVERVIEW

• 34. SNIFFING FOR CISCO-SPECIFIC PROTOCOLS

  SNAP HDLC protocol type 0x2000 read howto

• 35. ACTIVE ENUMERATION AND FINGERPRINTING OF CISCO DEVICES

  ACTIVE ENUMERATION AND FINGERPRINTING OF CISCO DEVICES Active Enumeration and Fingerprinting of Catalyst Switches Active Enumeration and Fingerprinting of Other Cisco Appliances Using IOS 11.X Memory Leak to Enumerate Remote Cisco Routers Hiding Your Machine from Prying Eyes: Enumeration and Fingerprinting Countermeasures Knock Knock Who s There? Portscanning OS Fingerprinting and Their Detection on Cisco Machines

• 36. SUMMARY

  SUMMARY

• 37. Chapter 6: Getting In from the Outside--Dead Easy

  OVERVIEW

• 38. PASSWORD ATTACKS

  PASSWORD ATTACKS Mass GuessingBruteforcing Attacks Against Open Cisco Telnet Servers Password Guessing and Bruteforcing Attacks Against Other Open Cisco Services Countermeasures to Cisco Appliance Password-Guessing Attacks

• 39. SNMP COMMUNITY GUESSING, EXPLOITATION, AND SAFEGUARDS

  Opera/9.80 (Windows NT 5.1, U, en) Presto/2.8.131 Version/11.10 hp switch snmp write tftp .1.3.6.1.4.1.9.2.1.55

• 40. EXPLOITING TFTP SERVERS TO TAKE OVER CISCO HOSTS

  EXPLOITING TFTP SERVERS TO TAKE OVER CISCO HOSTS Enumerating TFTP Servers Sniffing Out Cisco Configuration Files Bruteforcing TFTP Servers to Snatch Configs Countermeasures Against TFTP-Related Attacks

• 41. CISCO DEVICE WARDIALING

  CISCO DEVICE WARDIALING Cisco Router Wardialing 101: Interfaces Configurations and Reverse Telnet Discovering the Numbers to Dial In Getting into a Cisco Router or an Access Server Countermeasures for Wardialing Security

• 42. SUMMARY

  SUMMARY

• 43. Chapter 7: Hacking Cisco Devices--The Intermediate Path

  OVERVIEW

• 44. A PRIMER ON PROTOCOL IMPLEMENTATION INVESTIGATION AND ABUSE: CISCO SNMP ATTACKS

  A PRIMER ON PROTOCOL IMPLEMENTATION INVESTIGATION AND ABUSE: CISCO SNMP ATTACKS SimpleTester and SimpleSleuth Oulu University PROTOS Project From SNMP Fuzzing to DoS and Reflective DDoS From SNMP Stress Testing to Nongeneric DoS Hidden MenaceUndocumented SNMP Communities and Remote Access Getting In via Observation Skills Alone Advanced Countermeasures Against Cisco SNMP Attacks Brief SNMPv3 Security Analysis

• 45. A PRIMER ON DATA INPUT VALIDATION ATTACK CISCO HTTP EXPLOITATION

  A PRIMER ON DATA INPUT VALIDATION ATTACKCISCO HTTP EXPLOITATION Basics of Cisco Web Configuration Interface Data Input Validation Web Interface Attack Basics Cisco IOS HTTP Administrative Access Countermeasures to IOS HTTP Administrative Access Cisco ATA-186 HTTP Device Configuration Disclosure Countermeasure to Device Configuration Disclosure VPN Concentrator HTTP Device Information Leakage Countermeasure to Information Leakage

• 46. OTHER CISCO HTTPD FLAWS--A MORE SOPHISTICATED APPROACH

  OTHER CISCO HTTPD FLAWSA MORE SOPHISTICATED APPROACH Cisco IOS 2GB HTTP GET Buffer Overflow Vulnerability Countermeasures to the HTTP GET Buffer Overflow Vulnerability ASSESSING SECURITY OF A CISCO WEB SERVICE SPIKE and Its Relatives The Peach Fuzzer Countermeasures to Fuzzer Utilities

• 47. SUMMARY

  SUMMARY

• 48. Chapter 8: Cisco IOS Exploitation--The Proper Way

  OVERVIEW

• 49. CISCO IOS ARCHITECTURE FOUNDATIONS

  CISCO IOS ARCHITECTURE FOUNDATIONS Cisco IOS Memory Dissection

• 50. AN EXPLOITATION PRIMER: IOS TFTP BUFFER OVERFLOW

  AN EXPLOITATION PRIMER: IOS TFTP BUFFER OVERFLOW Defeating Check Heaps

1 2 3