[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] cisco acl

To: isa vaul <nonleft@gmx.net>
Subject: Re: [Full-Disclosure] cisco acl
From: petard <petard@freeshell.org>
Date: Fri, 5 Dec 2003 14:35:19 +0000

On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote:
> Hello full-disclosure,
> 
>   I've got a little problem with a cisco router.
>   It has obviously been compromised. How do i know, well the password
>   has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
>   to see what else maybe got compromised.
>   Does anyone know how this could be done?
> 
>   thanks for any suggestions in advance...
You'll probably get better answers if you:

1. google for "cisco router forensics"
2. ask this question to a cisco list
3. ask this question to cisco tech support. they're quite good.

Assuming you've determined the changed password and the enable password, the 
command:
# show running-config
will display the current configuration from RAM, including any ACLs
IIRC.

HTH,
petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re[2]: [Full-Disclosure] cisco acl
  - From: isa vaul <nonleft@gmx.net>

References:
- [Full-Disclosure] cisco acl
  - From: isa vaul <nonleft@gmx.net>

Prev by Date: [Full-Disclosure] Administrivia: Off-topic Posts
Next by Date: RE: [Full-Disclosure] cisco acl
Previous by thread: [Full-Disclosure] cisco acl
Next by thread: Re[2]: [Full-Disclosure] cisco acl
Index(es):
- Date
- Thread