[Full-Disclosure] cisco acl
petard
petard at freeshell.org
Fri Dec 5 14:35:19 GMT 2003
On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote:
> Hello full-disclosure,
>
> I've got a little problem with a cisco router.
> It has obviously been compromised. How do i know, well the password
> has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
> to see what else maybe got compromised.
> Does anyone know how this could be done?
>
> thanks for any suggestions in advance...
You'll probably get better answers if you:
1. google for "cisco router forensics"
2. ask this question to a cisco list
3. ask this question to cisco tech support. they're quite good.
Assuming you've determined the changed password and the enable password, the command:
# show running-config
will display the current configuration from RAM, including any ACLs
IIRC.
HTH,
petard
--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
Full-Disclosure is hosted and sponsored by Secunia.