[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco vulnerabilities?

To: [email protected]
Subject: Cisco vulnerabilities?
From: [email protected] (Paul Ferguson)
Date: Wed, 25 Aug 93 21:05:54 EDT
Organization: Sytex Communications, Inc

On Thu, 26 Aug 93 21:17:16 -0600,
 L. Detweiler <uunet!longs.lance.colostate.edu!ld231782> wrote -
 
> ===cut=here===
>
> Date: Wed, 25 Aug 1993 12:56:54 -0700 (PDT)
> From: Al Whaley <[email protected]>
> Subject: Cisco routers
>
> Rumors abound that Cisco routers have a back door; that is when
> a TCP port is disabled, it can still be accessed from Cisco's
> IP number.
>
> I have personally verified this with the sendmail port.
>
> Al Whaley        [email protected]       +1-415 322-5411(Tel), -6481 
(Fax)
> Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302
>
 
 Sure, they have a backdoor -- it's called unsecured ports and
 lackidaisical security.
 
 Cisco routers don't really have "TCP" ports, per se. They have
 ethernet ports, or token ring ports, v.35 serial ports, and
 dial-up rs-232 for fail-safe configuration when some idiot drops
 your feed at the local rboc and you need to "look into" your net.
 
 If the "entrance" passwords are enabled properly, then I feel quite
 sure that this threat is minimal. However, I have learned recently
 that some facets of SNMP encapsulation can exploit _management_ but
 can not, however exploit the configuration of the router. It can add
 to the traffic overhead.
 
 Also, there is an additional "enable" password for configuration
 modification, such as changing IP addresses of the ethernet or serial
 interfaces (ports) and saving the configuration to NVRAM.
 
 I had a guy adamantly try to convince me the other day that the
 (Cisco) routers were in jeopardy because of the ability to TFTP
 a new (albeit, damaging) operating system directly into NVRAM
 (a sleight of hand), rendering the box useless. It can be done,
 in fact, Cisco would have to ship me a whole new box overnight
 if it happened, but if I mind my P's and Q's (read: adhere to
 proper security), he's pissin' in the wind.
 
 ;-)
 
 Cheers,

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
[email protected]             |      - Thomas Paine, Common Sense
 
Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15  Paul Ferguson <[email protected]>
  Key fingerprint =  EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

Prev by Date: Re: What, Me Worry?
Next by Date: Physical security lapses will getcha every time.
Prev by thread: Re: Plausible Spookiness
Next by thread: Physical security lapses will getcha every time.
Index(es):
- Date
- Thread