Using a Compromised Router to Capture Network Traffic

[Penetration Testing <pentest () infosecure com au>]

Hi all.

I have recently completed some experimentation into using a captured
router to sniff network traffic on a remote network.  This is in the same
vein as Gauis' article in Phrack 56 (Things to do in cisco land when you
are dead).

I have tried to build on Gauis' work in that I terminated the GRE tunnel
on a Cisco router instead of a *nix machine.  I explored a couple of
possible scenarios for this, the net result being that it is possible to
remotely capture (bi-directional) network traffic using NO customised
tools; all that is required is one cisco router with vanilla IOS, and a
machine that can run snoop or tcpdump.

Anyway, if anyone is interested, the document describing the experiment
and results is available at http://www.geocities.com/david_taylor_au/
(Word 2000 format).  Or, contact me.

Regards,
Dave Taylor


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/