Re: Using a Compromised Router to Capture Network Traffic

From: Fabio Pietrosanti (naif) (naifat_private)
Date: Tue Jul 16 2002 - 08:43:51 PDT

    On Mon, Jul 15, 2002 at 10:43:49AM -0800, Penetration Testing wrote:
    > Hi all.
    > 
    > I have recently completed some experimentation into using a captured
    > router to sniff network traffic on a remote network.  This is in the same
    > vein as Gauis' article in Phrack 56 (Things to do in cisco land when you
    > are dead).
    > 
    > I have tried to build on Gauis' work in that I terminated the GRE tunnel
    > on a Cisco router instead of a *nix machine.  I explored a couple of
    > possible scenarios for this, the net result being that it is possible to
    > remotely capture (bi-directional) network traffic using NO customised
    > tools; all that is required is one cisco router with vanilla IOS, and a
    > machine that can run snoop or tcpdump.
    
    Why have a "so complex" infrastructure?
    
    All you need is a Linux 2.4.X kernel with netfilter and GRE support and the following tools:
    
    - iptables
    - iproute2
    - any sniffing/hijacking tools ( ettercap, dsniff, hunt, ethereal )
    
    Using this configuration you can do whatever you want:
    
    - create funny policy routing rules
    - intercept traffic
    - hijack traffic
    - decrement TTL and manipulate traffic in many ways
    - insert NAT rules to eventually bypass a firewall
    
    and you need neither a Cisco router nor to cope with GRE
    encapsulation :)
    
    Using a Cisco router for hacking purposes is crazy, use Linux! :)
    
    
    Regards
    
    
    --
    
    Fabio Pietrosanti ( naif )
    E-mail: naifat_private - naifat_private
    PGP Key (DSS) http://naif.itapac.net/naif.asc
    --
     "Hacking is the future of security research" R.Power, CSI 
    Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
    


