RE: Using a Compromised Router to Capture Network Traffic

["Moffett, Ryan" <Ryan_Moffett () stercomm com>]

Is this hosted on an alternate site other than the geocities site which has
exceeded the xfer limit?

-----Original Message-----
From: Penetration Testing [mailto:pentest () infosecure com au] 
Sent: Monday, July 15, 2002 2:44 PM
To: pen-test () securityfocus com
Subject: Using a Compromised Router to Capture Network Traffic


Hi all.

I have recently completed some experimentation into using a captured router
to sniff network traffic on a remote network.  This is in the same vein as
Gauis' article in Phrack 56 (Things to do in cisco land when you are dead).

I have tried to build on Gauis' work in that I terminated the GRE tunnel on
a Cisco router instead of a *nix machine.  I explored a couple of possible
scenarios for this, the net result being that it is possible to remotely
capture (bi-directional) network traffic using NO customised tools; all that
is required is one cisco router with vanilla IOS, and a machine that can run
snoop or tcpdump.

Anyway, if anyone is interested, the document describing the experiment and
results is available at http://www.geocities.com/david_taylor_au/
(Word 2000 format).  Or, contact me.

Regards,
Dave Taylor


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/