>Cisco Note:
>---------
>It is documented that cisco uses port 1999. However I have never seen
>the details of its use. This may not be an immediate security bug, it
>may do exactly as it was intended. However I did not feel that everyone
>would be aware of how easy it is to remotely identify Cisco products.
>With the IOSLOGON, and HISTORY bug out there, it may be advisable to
>prevent your router from telling everyone what brand it is.-----Thanks
>to Aleph One for info----------
>>tcp-id-port 1999/tcp cisco identification port
>>tcp-id-port 1999/udp cisco identification port

Probably the big brother to:

From a CCNA study guide (slightly paraphrased):

Cisco Discovery Protocol: a layer 2, media- and protocol-independent protocol that runs on all Cisco-manufactured hardware (yikes)... Each device configured for CDP sends out periodic messages to a MAC-layer multicast address. These advertisements include information about the software and capabilities of the platform (double yikes).

show cdp neighbour shows a table with what is attached to interfaces (at the remote end). show cdp neighbour detail shows a whole lot more info; supposedly a great tool for troubleshooting, since it is protocol/media independent you can see if the remote side has a misconfigured address/whatnot.

More detail on how to disable it/etc. on pages 78-79 of "Router Products Commands Summary Rel 11.0" (just look up cdp in the index).

You might want to see if there are commands to show info like the interfaces, networks, and whatnot; I suspect they might be in there (nice boner for cisco to pull). Then it would make for a truly great Cisco network discovery util.

-seifried, MCSE, wanna be CCNA.
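The CDP advertisement the post calls "double yikes" is readable by any host on the same segment, since it goes to a link-layer multicast address. As an added example (not from seifried's post or the quoted note), the Python below builds one constructed CDP v2 frame for a fictitious router and parses it back, recovering the device ID, platform, software version, port ID, capabilities and IPv4 address that identify the sender. The frame layout (802.3 + LLC/SNAP with Cisco OUI 00:00:0c and PID 0x2000, then version/TTL/checksum and type-length-value fields 0x0001-0x0006) is the public CDP format; the device name, MAC, address and version string are made up. The caveat a practitioner would want: a CDP listener parses frames from whoever shares the wire, so every on-wire length is checked and a truncated or oversized TLV is rejected rather than trusted. Odd-length payloads use a Cisco-specific checksum rule this example does not reproduce; it raises instead.

```python
import ipaddress
import struct

CDP_MULTICAST_MAC = bytes.fromhex("01000ccccccc")   # 01:00:0c:cc:cc:cc
LLC_SNAP_HEADER = b"\xaa\xaa\x03"                    # DSAP/SSAP 0xAA, UI control field
SNAP_OUI_CISCO = bytes.fromhex("00000c")
SNAP_PID_CDP = 0x2000
TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID = 0x0001, 0x0002, 0x0003
TLV_CAPABILITIES, TLV_SOFTWARE_VERSION, TLV_PLATFORM = 0x0004, 0x0005, 0x0006
TLV_NAMES = {TLV_DEVICE_ID: "device_id", TLV_ADDRESSES: "addresses", TLV_PORT_ID: "port_id",
             TLV_CAPABILITIES: "capabilities", TLV_SOFTWARE_VERSION: "software_version",
             TLV_PLATFORM: "platform"}
CAPABILITY_BITS = {0x01: "Router", 0x02: "TB Bridge", 0x04: "SR Bridge", 0x08: "Switch",
                   0x10: "Host", 0x20: "IGMP", 0x40: "Repeater"}


def cdp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over header + TLVs. Cisco's odd-length
    handling has a quirk this example does not reproduce, so lengths stay even."""
    if len(data) % 2:
        raise ValueError("odd-length CDP payload: Cisco checksum quirk not implemented here")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _take(buf: bytes, off: int, n: int) -> bytes:
    """Slice n bytes at off, refusing to read past the end (on-wire lengths are untrusted)."""
    if n < 0 or off + n > len(buf):
        raise ValueError("truncated field at offset %d" % off)
    return buf[off:off + n]


def _tlv(tlv_type: int, value: bytes) -> bytes:
    # The length field counts the 4-byte TLV header as well as the value.
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp_frame(src_mac, device_id, platform, software, port_id, capabilities, ipv4):
    """Assemble an 802.3 + LLC/SNAP + CDP v2 frame the way a router would emit it."""
    # Addresses TLV: count, then per entry NLPID protocol type 1, length 1, 0xCC (IP), addr len, addr.
    addr_value = struct.pack("!I", 1) + b"\x01\x01\xcc" + struct.pack("!H", 4) + ipaddress.IPv4Address(ipv4).packed
    body = (_tlv(TLV_DEVICE_ID, device_id.encode()) + _tlv(TLV_ADDRESSES, addr_value)
            + _tlv(TLV_PORT_ID, port_id.encode()) + _tlv(TLV_CAPABILITIES, struct.pack("!I", capabilities))
            + _tlv(TLV_SOFTWARE_VERSION, software.encode()) + _tlv(TLV_PLATFORM, platform.encode()))
    header = struct.pack("!BBH", 2, 180, 0)  # version 2, TTL 180 s, checksum placeholder
    cdp = struct.pack("!BBH", 2, 180, cdp_checksum(header + body)) + body
    llc_snap = LLC_SNAP_HEADER + SNAP_OUI_CISCO + struct.pack("!H", SNAP_PID_CDP)
    return CDP_MULTICAST_MAC + src_mac + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp


def _parse_addresses(value: bytes) -> list:
    count = struct.unpack("!I", _take(value, 0, 4))[0]
    off, out = 4, []
    for _ in range(count):                      # bounded by _take even if count is absurd
        ptype, plen = _take(value, off, 2)
        proto = _take(value, off + 2, plen)
        alen = struct.unpack("!H", _take(value, off + 2 + plen, 2))[0]
        addr = _take(value, off + 4 + plen, alen)
        off += 4 + plen + alen
        if ptype == 1 and proto == b"\xcc" and alen == 4:
            out.append(str(ipaddress.IPv4Address(addr)))
        else:
            out.append("proto=%s addr=%s" % (proto.hex(), addr.hex()))
    return out


def parse_cdp_frame(frame: bytes) -> dict:
    """Return the advertised fields; every on-wire length is checked before use,
    since a CDP listener parses frames from whoever shares the segment."""
    dot3_len = struct.unpack("!H", _take(frame, 12, 2))[0]
    if (frame[:6] != CDP_MULTICAST_MAC or _take(frame, 14, 3) != LLC_SNAP_HEADER
            or _take(frame, 17, 3) != SNAP_OUI_CISCO or struct.unpack("!H", _take(frame, 20, 2))[0] != SNAP_PID_CDP):
        raise ValueError("not a CDP frame")
    cdp = _take(frame, 22, dot3_len - 8)  # 802.3 length covers LLC/SNAP (8 bytes) plus CDP
    version, ttl, _ = struct.unpack("!BBH", _take(cdp, 0, 4))
    info = {"version": version, "ttl": ttl, "checksum_ok": cdp_checksum(cdp) == 0}
    off = 4
    while off + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack("!HH", _take(cdp, off, 4))
        if tlv_len < 4:
            raise ValueError("bad TLV length %d at offset %d" % (tlv_len, off))
        value = _take(cdp, off + 4, tlv_len - 4)
        name = TLV_NAMES.get(tlv_type, "tlv_0x%04x" % tlv_type)
        if tlv_type == TLV_ADDRESSES:
            info[name] = _parse_addresses(value)
        elif tlv_type == TLV_CAPABILITIES:
            bits = struct.unpack("!I", _take(value, 0, 4))[0]
            info[name] = [n for bit, n in CAPABILITY_BITS.items() if bits & bit]
        elif tlv_type in (TLV_DEVICE_ID, TLV_PORT_ID, TLV_SOFTWARE_VERSION, TLV_PLATFORM):
            info[name] = value.decode("ascii", errors="replace")
        else:
            info[name] = value.hex()
        off += tlv_len
    return info


# Constructed sample advertisement from a fictitious router (not a capture).
SAMPLE_FRAME = build_cdp_frame(bytes.fromhex("0200000a0b0c"), "edge-rtr-1", "cisco 2500",
                               "IOS 11.0, constructed sample", "Ethernet0", 0x01, "10.0.0.1")

if __name__ == "__main__":
    for key, val in parse_cdp_frame(SAMPLE_FRAME).items():
        print("%-17s %s" % (key, val))
```

Run it directly to print the decoded fields; these are the same values the receiving router shows under the `show cdp neighbour detail` command the post mentions, which is why an unauthenticated listener on the segment gets the platform and software version for free.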
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:13 PDT