Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ios/cisco packet sniffer...
From: Joe Shaw <jshaw () INSYNC NET>
Date: Sat, 25 Nov 2000 10:28:55 -0600

On Sat, 25 Nov 2000, van der Kooij, Hugo wrote:

One good way to do a packet dump on a Cisco is:

    router(config)#access-list 199 permit ip <source> <mask> <destination> <mask>
    router(config)#access-list 199 permit ip <destination> <mask> <source> <mask>
    router(config)#end
    router# debug ip packet 199 dump

Will dump packets destined to and from 192.168.0.1.

Don't use it too liberal. Your router is now left for DoS attack. Unless
you have a high CPU vs bandwidhth ratio a simple portscan will render your
router useless. (Customer thought he was smart. However I shot his router
straight out of the sky the moment I started a noisy test.)

Actually, using debugging alone can bring a Cisco to it's knees if you are
not careful.  The best way to try and hinder someone dropping your router
at this or any point, like in a small packet flood which will generally
send the CPU through the roof, is to institute process scheduling.  I
believe it only works on 7200 and up platforms running IOS 11.2 and later,
but it is useful.  The best part about it is that it's very tweakable.

--
Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named.
I have public opinions, and they have public relations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]