About

The McGraw-Hill Companies

McGraw-Hill /Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/ Osborne at the above address.

All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 CUS CUS 0198765

Executive Editor :
Jane K. Brownlow

Senior Project Editor :
LeeAnn Pickrell

Acquisitions Coordinator :
Jennifer Housh

Technical Editors :
Wesley J. Noonan
Eric S. Seagren

Copy Editor :
Lisa Theobald

Proofreader :
Paul Tyler

Indexer :
Karin Arrigoni

Composition and Illustration :
Apollo Publishing Services

Series Design :
Peter F. Hancik, Dick Schwartz

Cover Series Design :
Dodie Shoemaker

This book was composed with Adobe InDesign

Information has been obtained by McGraw-Hill /Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill /Osborne, or others, McGraw-Hill /Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

The authors would like to dedicate this book to the security community, as well as the open source and full disclosure movements.

About the Authors

Dr. Andrew A. Vladimirov

Dr. Andrew A. Vladimirov (Bristol, England), CCNP, CCDP, CISSP, CWNA, TIA Linux+, is a researcher with a wide area of expertise ranging from applied cryptography and network security to bioinformatics and neuroscience. He published his first scientific paper at the age of 13 and is one of the co-founders of Arhont Ltd., one of the leading IT/network security consultancies in the UK. Andrew has extensive experience working with Cisco routers, switches, and PIX firewalls, including design and penetration testing of Cisco-based networks, and has previously uncovered and published several flaws in IOS at Bugtraq. He has also published a variety of papers devoted to network/protocol security and authored a chapter on the subject of wireless security in Network Security: The Complete Reference (McGraw-Hill/Osborne) and is a co-author of Wi-Foo: The Secrets of Wireless Hacking (Addison Wesley, 2004). Andrew is supportive of both the open source and full disclosure movements. He is a graduate of Kings College London and the University of Bristol.

Konstantin V. Gavrilenko

Konstantin V. Gavrilenko (Bristol, England) has more than 12 years ' experience in IT and security and together with his co-authors is a co-founder of Arhont Ltd. Konstantin's writing draws primarily from his real-world knowledge and experience in security consultancy and infrastructure development for a vast range of clients . He is open minded and enthusiastic about research, where his main areas of interest lie in security in general and more specifically in firewalling, cryptography, VPNs, and IDS. Konstantin has an extensive experience working with Cisco PIX firewalls and Cisco VPN concentrators and client applications. He is proud to say that he is an active supporter of open source solutions and ideology, public disclosure included. Konstantin has published a variety of advisories at SecurityFocus and PacketStorm, uncovering new software security vulnerabilities, along with being a co-author of the bestselling Wi-Foo: The Secrets of Wireless Hacking . He holds a first class BS honors degree in Management Science from DeMontfort University and an MS in Management from Lancaster University.

Janis N. Vizulis

Janis N. Vizulis (Bristol, England) is a researcher and programmer with a wide area of expertise ranging from digital forensics (11 years of forensics experience in criminal police work) to black and white box penetration testing with a main focus on the gambling industry, including security consultancy in the development of online banking applications for major players in the gambling industry and developing anti-DDoS and load-balancing solutions, many of them Cisco-based. His main interest in security lies in network protocols and web application security, including the development of protocol and application fuzzing tools for new vulnerabilities discovery and equipment and application security stress-testing. Janis was the leading developer of the new tools released during the writing process of this Hacking Exposed tome.

Andrei A. Mikhailovsky

Andrei A. Mikhailovsky (Bristol, England) first became enticed by UNIX flavors back in school. He cultivated and expanded his knowledge into networking aspects of information technology while obtaining his bachelor's degree from the University of Kent at Canterbury. Soon he was engrossed in network security and penetration testing of Internet-centric equipment including various Cisco devices. On accomplishing his MBA, he co-founded information security company Arhont and participated in security research, published articles and advisories, and greatly contributed to the overall success of the Arhont team. Andrei's technical particularities include user authentication mechanisms, database and directory services, wireless networking security, and systems integration. He has extensive experience working with Cisco implementations of RADIUS and TACACS authentication protocols.

About the Technical Reviews

Wesley J. Noonan

Wesley J. Noonan (Houston, Texas) has been working in the computer industry since the mid-1990s, specializing in Windows -based networks and network infrastructure security design and implementation. He is a Staff Quality Engineer for NetIQ working on the company's security solutions product line. Wes is the author of Hardening Network Infrastructure and is a contributing/co-author for The CISSP Training Guide by QUE Publishing, Hardening Network Infrastructure (McGraw-Hill/Osborne), and Firewall Fundamentals . Wes is also a contributor to Redmond magazine, writing on the subjects of network infrastructure and security. He has presented at TechMentor 2004 and maintains a Windows Network Security related "Ask the Experts" section for http://www.Techtarget.com ( http://www.searchwindowssecurity.techtarget.com/ateAnswers/0,289620,sid45_tax298206,00.html ).

Eric S. Seagren

Eric S. Seagren (Missouri City, Texas), CISA, CISSP-ISSAP, SCNP, CCNA, CNE, MCP+I, MCSE, has nine years of experience in the computer industry, with the last seven years spent in the financial services industry working for a Fortune 100 company. Eric started his computer career working on Novell servers and performing general network troubleshooting for a small Houston-based company. While working in the financial services industry, his duties have included server administration, disaster recovery responsibilities, business continuity coordinator, Y2K remediation , and network vulnerability assessment responsibilities. He has spent the last few years as an IT architect and risk analyst, designing and evaluating secure, scalable, and redundant networks.

Acknowledgments

The existence of this book would not have been possible without the support, help, and understanding of many people and organizations. First of all, we acknowledge the valuable assistance and collaborative support provided to us by the team of McGraw-Hill/Osborne editors, including executive editor Jane Brownlow, acquisitions coordinator Jenni Housh, senior project editor Lee Ann Pickrell, and editor Lisa Theobald. The deepest thanks goes to Boris Chernov for his perfect technical assistance in the matters of software engineering and the overall help with this book. A lot of things were corrected and improved due to the vital contribution of Wes Noonan, our main technical editor. We are also grateful to FX for the initial help with technical edits and everyone in the Phenoelit team for their ingenious contribution to IOS security research. Thanks also goes to Michael Lynn for his work and presentation on Cisco IOS internals and potential exploitation. Last, but not the least, we are grateful to James Blake for donating some equipment for our testing lab. Keep up the good work and again many thanks for all the help, contributions, and support that we've received in the course of writing this book.