RE: Using a Compromised Router to Capture Network Traffic

From: Axel Dunkel (adat_private)
Date: Mon Jul 15 2002 - 11:52:16 PDT

Next message: Jeremy Junginger: "RE: Using a Compromised Router to Capture Network Traffic"

Previous message: Moffett, Ryan: "RE: Using a Compromised Router to Capture Network Traffic"
In reply to: Moffett, Ryan: "RE: Using a Compromised Router to Capture Network Traffic"
Next in thread: Jeremy Junginger: "RE: Using a Compromised Router to Capture Network Traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Is this hosted on an alternate site other than the geocities site which has
> exceeded the xfer limit?

For a while, I have put it on 
http://www.Dunkel.de/download/GRE_sniffing.doc 
to help out.

Best regards,
Axel Dunkel
 

> -----Original Message-----
> From: Penetration Testing [mailto:pentestat_private] 
> Sent: Monday, July 15, 2002 2:44 PM
> To: pen-testat_private
> Subject: Using a Compromised Router to Capture Network Traffic
> 
> 
> Hi all.
> 
> I have recently completed some experimentation into using a captured router
> to sniff network traffic on a remote network.  This is in the same vein as
> Gauis' article in Phrack 56 (Things to do in cisco land when you are dead).
> 
> I have tried to build on Gauis' work in that I terminated the GRE tunnel on
> a Cisco router instead of a *nix machine.  I explored a couple of possible
> scenarios for this, the net result being that it is possible to remotely
> capture (bi-directional) network traffic using NO customised tools; all that
> is required is one cisco router with vanilla IOS, and a machine that can run
> snoop or tcpdump.
> 
> Anyway, if anyone is interested, the document describing the experiment and
> results is available at http://www.geocities.com/david_taylor_au/
> (Word 2000 format).  Or, contact me.
> 
> Regards,
> Dave Taylor
> 
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 
> 


---
Systemberatung A. Dunkel GmbH, Gutenbergstr. 5, D-65830 
Kriftel
Tel.: +49-6192-9988-0, Fax: +49-6192-9988-99,   E-Mail: 
adat_private


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Jeremy Junginger: "RE: Using a Compromised Router to Capture Network Traffic"
Previous message: Moffett, Ryan: "RE: Using a Compromised Router to Capture Network Traffic"
In reply to: Moffett, Ryan: "RE: Using a Compromised Router to Capture Network Traffic"
Next in thread: Jeremy Junginger: "RE: Using a Compromised Router to Capture Network Traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 12:38:11 PDT