[Full-Disclosure] cisco acl
aclendenen at esri.com
Fri Dec 5 16:43:55 GMT 2003
PLEASE REMOVE ME IMMEDIATELY! I want off this ride....
From: isa vaul [mailto:nonleft at gmx.net]
Sent: Friday, December 05, 2003 7:31 AM
Cc: full-disclosure at lists.netsys.com
Subject: Re: [Full-Disclosure] cisco acl
Friday, December 5, 2003, 3:35:19 PM, you wrote:
p> On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote:
>> Hello full-disclosure,
>> I've got a little problem with a cisco router.
>> It has obviously been compromised. How do i know, well the password
>> has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
>> to see what else maybe got compromised.
>> Does anyone know how this could be done?
>> thanks for any suggestions in advance...
p> You'll probably get better answers if you:
p> 1. google for "cisco router forensics"
p> 2. ask this question to a cisco list
p> 3. ask this question to cisco tech support. they're quite good.
p> Assuming you've determined the changed password and the enable password,
p> # show running-config
p> will display the current configuration from RAM, including any ACLs
p> If your message really might be confidential, download my PGP key here:
p> and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
thanks for all the replies.
and i am aware of the 3 given possibilities.
but i thought maybe someone on the list has some quick answer as
well?!? and as it is a little urgent i just wanted to give it a try!
Unfortunately I do not know the new password! otherwise there wouldn't
be a problem at all.
and more unfortunately it is not my network and had nothing to do with
the setup. or else i would have, as Mort pointed out, a tftp in
nonleft mailto:nonleft at gmx.net
Full-Disclosure - We believe in it.
Full-Disclosure is hosted and sponsored by Secunia.