Vulnerability Development mailing list archives
Re: Cisco 2621
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Fri, 8 Sep 2000 09:37:05 +0800
On Cisco 2500 I believe aux 0 is tcp port 2001. It's often 2000+line number or something. It looks like aux 0 is line 65 on your router and 1 on mine.

There are also corresponding ports for other "lines" especially access servers - these are to allow you to control modems hooked to the router remotely. Not sure if there is a port for console for various Cisco routers.

I'm not sure if this is the best way to deal with it but in my Cisco router config I have:

    access-list 102 deny ip any any log
    line aux 0
     access-class 102 in
     transport input all

This rejects and logs TCP connection attempts to the aux port of the router.

Btw if you telnet to the finger port (79) some access servers give you a list of the accounts currently dialed into them. This sometimes helps get info on people who are scanning your networks. Of course most savvy ISPs disable this, but then savvy ISPs don't need help to track down people scanning your stuff ;). Unfortunately not so savvy ISPs don't discipline their customers for bad behaviour :(.

Have a nice day,
Link.

At 02:22 PM 07-09-2000 +0100, Ollie Whitehouse wrote:
All,

During a recent attack & penetration test the following was discovered, thought it might be interesting.

Router   : 2621
Software : Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

The router's AUX line had been configured as follows:

    line aux 0
     no exec
     password 7 **********
     login
     transport input all

The NMAP scan of that network showed the following:

    Port       State       Service
    23/tcp     open        telnet
    2065/tcp   open        dlsrpn

Doing a who on the router showed the following also (this is while a connection is open on port 2065):

    2621router>who
        Line     User      Host(s)       Idle        Location
      65 aux 0             incoming      00:00:32    192.168.0.1
    * 66 vty 0             idle          00:00:00    192.168.11.87

Not exploitable, but just keep it in mind when you see port 2065 listening ;o).

Rgds

Ollie

-----
Ollie Whitehouse
Security Team Leader
Delphis Consulting
tel: +44 (0)20 79160200
mai: ollie () delphisplc com

This e-mail and any files transmitted with it are intended solely for the addressee and are confidential. They may also be legally privileged. Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and they must not be disclosed to, or used by, anyone other than the addressee. If you have received this e-mail and any accompanying files in error, you may not copy, publish or use them in any way and you should delete them from your system and notify us immediately. E-mails are not secure. Delphis does not accept responsibility for changes to e-mails that occur after they have been sent. Any opinions expressed in this e-mail may be personal to the author and may not necessarily reflect the opinions of Delphis
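
Added example, not part of the original posts: a small Python audit of an IOS configuration for the condition discussed in this thread, an aux or tty line whose `transport input` accepts `all` or `telnet` with no inbound `access-class`, reporting the TCP port as 2000 + absolute line number. The function names, the sample configs (constructed from the snippets quoted above) and the choice to evaluate only an explicit `transport input` statement are assumptions of this example.

```python
import re

REVERSE_TELNET_BASE = 2000  # per the thread: TCP port = 2000 + absolute line number
LINE_RE = re.compile(r"^line\s+(aux|tty|con|vty)\s+(\d+)(?:\s+(\d+))?\s*$")

def parse_line_stanzas(config):
    """Map (kind, index) -> list of sub-commands for every 'line' stanza."""
    stanzas, targets = {}, []
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            targets = [(m.group(1), i) for i in range(first, last + 1)]
            stanzas.update({t: [] for t in targets})
        elif raw.startswith(" ") and targets:
            for t in targets:
                stanzas[t].append(raw.strip())
        else:
            targets = []  # any unindented line closes the stanza
    return stanzas

def audit(config, abs_line):
    """Return findings for aux/tty lines that accept TCP with no inbound ACL."""
    findings = []
    for (kind, idx), cmds in parse_line_stanzas(config).items():
        if kind not in ("aux", "tty"):
            continue
        inbound = {w for c in cmds if c.startswith("transport input ") for w in c.split()[2:]}
        has_acl = any(re.match(r"access-class \S+ in\b", c) for c in cmds)
        if inbound & {"all", "telnet"} and not has_acl:
            n = abs_line.get((kind, idx))  # None when the line number is unknown
            port = None if n is None else REVERSE_TELNET_BASE + n
            findings.append({"line": f"{kind} {idx}", "tcp_port": port})
    return findings

# Constructed sample: the aux stanza quoted in the original report.
EXPOSED = """\
line aux 0
 no exec
 password 7 **********
 login
 transport input all
"""
# Constructed sample: the same stanza with the access-class from the reply added.
FILTERED = "access-list 102 deny ip any any log\n" + EXPOSED + " access-class 102 in\n"
LINES_2621 = {("aux", 0): 65}  # absolute line number, taken from the 'who' output

if __name__ == "__main__":
    print(audit(EXPOSED, LINES_2621), audit(FILTERED, LINES_2621))
```

The absolute line numbers differ between models (65 on the 2621 here, 1 on the 2500 mentioned in the reply), so the mapping has to come from the router's own line listing.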