RE: Using a Compromised Router to Capture Network Traffic

From: Moffett, Ryan (Ryan_Moffett@stercomm.com)
Date: Mon Jul 15 2002 - 13:05:21 EDT


Is this hosted on an alternate site other than the geocities site which has
exceeded the xfer limit?

-----Original Message-----
From: Penetration Testing [mailto:pentest@infosecure.com.au]
Sent: Monday, July 15, 2002 2:44 PM
To: pen-test@securityfocus.com
Subject: Using a Compromised Router to Capture Network Traffic

Hi all.

I have recently completed some experimentation into using a captured router
to sniff network traffic on a remote network. This is in the same vein as
Gauis' article in Phrack 56 (Things to do in cisco land when you are dead).

I have tried to build on Gauis' work in that I terminated the GRE tunnel on
a Cisco router instead of a *nix machine. I explored a couple of possible
scenarios for this, the net result being that it is possible to remotely
capture (bi-directional) network traffic using NO customised tools; all that
is required is one cisco router with vanilla IOS, and a machine that can run
snoop or tcpdump.

Anyway, if anyone is interested, the document describing the experiment and
results is available at http://www.geocities.com/david_taylor_au/
(Word 2000 format). Or, contact me.

Regards,
Dave Taylor

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT