lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <784830955.20031205163054@gmx.net>
From: nonleft at gmx.net (isa vaul)
Subject: cisco acl

Hello petard,

Friday, December 5, 2003, 3:35:19 PM, you wrote:

p> On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote:
>> Hello full-disclosure,
>> 
>>   I've got a little problem with a cisco router.
>>   It has obviously been compromised. How do i know, well the password
>>   has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
>>   to see what else maybe got compromised.
>>   Does anyone know how this could be done?
>> 
>>   thanks for any suggestions in advance...
p> You'll probably get better answers if you:

p> 1. google for "cisco router forensics"
p> 2. ask this question to a cisco list
p> 3. ask this question to cisco tech support. they're quite good.

p> Assuming you've determined the changed password and the enable password, the command:
p> # show running-config
p> will display the current configuration from RAM, including any ACLs
p> IIRC.

p> HTH,
p> petard

p> --
p> If your message really might be confidential, download my PGP key here:
p> http://petard.freeshell.org/petard.asc
p> and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

thanks for all the replies.
and i am aware of the 3 given possibilities.
but i thought maybe someone on the list has some quick answer as
well?!? and as it is a little urgent i just wanted to give it a try!

Unfortunately I do not know the new password! otherwise there wouldn't
be a problem at all.
and more unfortunately it is not my network and had nothing to do with
the setup.  or else i would have, as Mort pointed out, a tftp in
place.

-- 
Best regards,
 nonleft                            mailto:nonleft@....net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ