nanog mailing list archives

Re: Nipper and Cisco configuration results


From: Christopher <chrismcc () pricegrabber com>
Date: Fri, 03 Apr 2009 09:36:46 -0700

On Thu, 2009-04-02 at 15:33 -0700, Subba Rao wrote:
> I am using Nipper for verifying my Cisco configuration.  Nipper is
> finding the "rlogin" service that is not in the configuration.  I have
> searched the access lists and do not see it anywhere.  The explanation
> by Nipper about this finding, "....Telnet protocol implemented by this
> service...." is confusing.

The problem, IMHO, is nipper.  You might or might not have the rlogin
service enabled, but nipper has so many false positives that I find it
almost useless.  In my case, it caught some obvious things I had forgotten
to do, but everything else was useless.  For instance, from the nipper
source code:

struct vulnerability report_vuln_ios11 = {9, 0, 0, 12, 4, 0,
                          "CVE-2007-0479", "22208",
                          "IPv4 TCP listener denial of service",
                          true, false,
                          vuln_req_none, false, &report_vuln_ios12};

What the above means to nipper is any IOS version 12.0.x, 12.1.x,
12.2.x, 12.3.x is vulnerable, while every 12.4.x version is OK.  This is
obviously false on *both* counts.  
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml


I spent a lot of time trying to explain this to $corporate audit guy
that had never even logged into a router, let alone had to choose a
stable IOS version for 6500/7600 class hardware.



> Here is the Nipper's output:
>
> <snip>
>
> Thank you in advance for any help.
>
> Subba Rao
-- 
Christopher McCrory
 "The guy that keeps the servers running"
 
chrismcc () pricegrabber com
 http://www.pricegrabber.com
 
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
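Added illustration, not code from nipper or from anyone in this thread: a small C program showing why a version-range match of the kind the post describes produces both false positives and false negatives. The reading of the six leading integers in the struct as an inclusive lower bound (9.0.0) and an exclusive upper bound (12.4.0) is the poster's interpretation and is assumed here, not checked against nipper's source. The per-train fixed-release table is a constructed placeholder in the shape vendor advisories use; its numbers are not taken from the Cisco advisory linked above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example, not nipper's code. An IOS version is treated as
 * major.minor(rebuild), e.g. "12.4(3a)" -> 12, 4, 3 (letter suffix ignored). */
struct ios_version { int major, minor, rev; };

/* Assumed reading of the struct in the post: the first three integers are
 * the lowest affected version, the next three the first version treated as
 * fixed. Everything in [RANGE_LO, RANGE_HI) is flagged. */
static const struct ios_version RANGE_LO = {9, 0, 0};
static const struct ios_version RANGE_HI = {12, 4, 0};

/* Parse "12.4(3a)" into a version triple; returns false if the string does
 * not carry all three components. */
bool parse_ios_version(const char *s, struct ios_version *out) {
    return sscanf(s, "%d.%d(%d", &out->major, &out->minor, &out->rev) == 3;
}

/* Lexicographic compare of two version triples: -1, 0 or 1. */
static int cmp_version(struct ios_version a, struct ios_version b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.rev != b.rev) return a.rev < b.rev ? -1 : 1;
    return 0;
}

/* Coarse range check: flags every 12.0.x through 12.3.x, clears every 12.4.x,
 * regardless of which rebuild in the train actually carried the fix. */
bool range_flags(struct ios_version v) {
    return cmp_version(v, RANGE_LO) >= 0 && cmp_version(v, RANGE_HI) < 0;
}

/* Per-train table: the first rebuild of each train that is fixed.
 * CONSTRUCTED placeholder values, deliberately not from the real advisory. */
struct fixed_release { int major, minor, fixed_rev; };
static const struct fixed_release FIXED_TABLE[] = {
    {12, 2, 7},  /* constructed: 12.2(7) and later fixed */
    {12, 3, 5},  /* constructed: 12.3(5) and later fixed */
    {12, 4, 3},  /* constructed: 12.4(1) and 12.4(2) still affected */
};

/* Table check: a train not listed is treated as unaffected; a listed train
 * is flagged only when the running rebuild predates the fixed one. */
bool table_flags(struct ios_version v) {
    for (size_t i = 0; i < sizeof FIXED_TABLE / sizeof FIXED_TABLE[0]; i++) {
        if (FIXED_TABLE[i].major == v.major && FIXED_TABLE[i].minor == v.minor)
            return v.rev < FIXED_TABLE[i].fixed_rev;
    }
    return false;
}

int main(void) {
    /* Constructed sample version strings to compare the two checks. */
    const char *samples[] = {"12.2(3)", "12.3(9)", "12.4(1)", "12.4(5)"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ios_version v;
        if (!parse_ios_version(samples[i], &v)) {
            printf("%-8s unparseable\n", samples[i]);
            continue;
        }
        printf("%-8s range-check: %-8s table-check: %s\n", samples[i],
               range_flags(v) ? "FLAGGED" : "clear",
               table_flags(v) ? "FLAGGED" : "clear");
    }
    return 0;
}
```

With the constructed table, 12.3(9) is flagged by the range check but clear by the table (a false positive of the kind the post complains about), while 12.4(1) is cleared by the range check but flagged by the table (the missed case). Only the per-train table reproduces what an advisory's "first fixed release" columns actually say.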