List of Figures

Chapter 1: Cisco Network Design Models and Security Overview

Figure 1-1: The flat earth design model
Figure 1-2: The star design model showing a VPN concentrator
Figure 1-3: The two- tier design model
Figure 1-4: The ring design model
Figure 1-5: The full mesh design model
Figure 1-6: The partial mesh design model
Figure 1-7: A DMZ based on a three-legged firewall
Figure 1-8: An outside DMZ
Figure 1-9: A dirty DMZ
Figure 1-10: A two-firewall DMZ

Chapter 2: Cisco Network Security Elements

Figure 2-1: Typical AAA network security configuration
Figure 2-2: Cisco hierarchical design network security model

Chapter 3: Real-World Cisco Security Issues

Figure 3-1: Bugtraq Cisco vulnerabilities count

Chapter 4: Profiling and Enumerating Cisco Networks

Figure 4-1: Online Cisco BGP Toolkit from http://www.NetConfigs.com
Figure 4-2: Online Cisco BGP Config Tool from http://www.NetConfigs.com
Figure 4-3: Routing Registry Consistency Check for the country of Latvia
Figure 4-4: RIPE RIS Looking Glass web interface
Figure 4-5: Worldwide reverse traceroute and looking glass servers on the CAIDA web site
Figure 4-6: Reverse Traceroute/Looking Glass Search menu
Figure 4-7: RIPE whois advanced search
Figure 4-8: RADB advanced whois query
Figure 4-9: NetConfigs whois search
Figure 4-10: FixedOrbit search tools
Figure 4-11: RIPE RIS AS search
Figure 4-12: RIPE RIS ASInuse search
Figure 4-13: RIPE RIS BGP Routing Hot Spot Utility by AS
Figure 4-14: A NetGeo AS lookup
Figure 4-15: RADB maintainer query
Figure 4-16: RADB Web Update
Figure 4-17: BGPlay in action
Figure 4-18: The wonders of Hermes
Figure 4-19: Querying RIP with ASS
Figure 4-20: IGRP routing domain number bruteforcing

Chapter 5: Enumerating and Fingerprinting Cisco Devices

Figure 5-1: A CDP frame caught by Ethereal

Chapter 6: Getting In from the OutsideDead Easy

Figure 6-1: Xhydra at work
Figure 6-2: Hydra support in Nessus
Figure 6-3: Unsecure remote password cracker
Figure 6-4: Cisco MIB subtree
Figure 6-5: Foundstone SNScan
Figure 6-6: SolarWinds IP Network Browser
Figure 6-7: SolarWinds Router Security Check
Figure 6-8: SolarWinds SNMP bruteforce
Figure 6-9: SNMP walking with NetScanTools Pro
Figure 6-10: Getif MIB browser
Figure 6-11: Mbrowse
Figure 6-12: iReasoning MIB Browser in action
Figure 6-13: DwMibBrowser, looking at a Cisco 2600 router
Figure 6-14: SolarWinds Cisco Tools
Figure 6-15: SNMPc server running
Figure 6-16: Scotty/Tkined and its Cisco-specific features

Chapter 7: Hacking Cisco DevicesThe Intermediate Path

Figure 7-1: Snmpwalking with SilverCreek
Figure 7-2: SNMP vulnerability test using SilverCreek
Figure 7-3: SilverCreek console
Figure 7-4: SilverCreek agent compliance testing
Figure 7-5: Main SimpleTester interface
Figure 7-6: Cisco MIBsalways needed
Figure 7-7: Snmpwalk after the test parameters are set
Figure 7-8: SimpleSleuthLite vulnerability assessment
Figure 7-9: A trap sent by PROTOS is captured.
Figure 7-10: Cisco web-based management configuration
Figure 7-11: This Cisco device is vulnerable to arbitrary administrative access vulnerability.
Figure 7-12: SPIKE Proxy interface

Chapter 8: Cisco IOS ExploitationThe Proper Way

Figure 8-1: Local memory region
Figure 8-2: Memory block linking
Figure 8-3: Free memory block
Figure 8-4: Process memory block
Figure 8-5: The REDZONE overwriting
Figure 8-6: A fake memory block used to trick Check Heaps
Figure 8-7: Memory block freeing

Chapter 9: Cracking Secret Keys, Social Engineering, and Malicious Physical Access

Figure 9-1: Instant password decryption with Cain & Abel
Figure 9-2: Cain & Abel PIX-Hash bruteforcing attack screen

Chapter 10: Exploiting and Preserving Access

Figure 10-1: Viewing and downloading captured traffic from a PIX firewall
Figure 10-2: IOS image file header
Figure 10-3: Bird's-eye view of ELF file patching
Figure 10-4: Magic value in the IOS header
Figure 10-5: A structure of the self-extractable IOS image file

Chapter 12: Spanning Tree, VLANs, EAP-LEAP, and CDP

Figure 12-1: A typical situation in which STP must be used
Figure 12-2: A multihomed attack
Figure 12-3: The Yersinia ncurses GUI
Figure 12-4: STP attacks in Yersinia
Figure 12-5: Network split DoS via STP collision
Figure 12-6: 802.1q-tagged Ethernet frame
Figure 12-7: Cisco ISL encapsulated Ethernet frame
Figure 12-8: Double-tag VLAN hopping attack
Figure 12-9: Making use of a PVLAN hopping attack
Figure 12-10: Dynamic VLAN assignment

Chapter 13: HSRP, GRE, Firewalls, and VPN Penetration

Figure 13-1: An overview of the GRE attack
Figure 13-2: An overview of the active and passive FTP connection exchange

Chapter 14: Routing Protocols Exploitation

Figure 14-1: Sniffing RIPv2 with Cain
Figure 14-2: Sending RIPv2 MD5 hash for cracking
Figure 14-3: RIPv2 MD5 hash bruteforcing
Figure 14-4: OSPF routing domain joining handshake
Figure 14-5: Sending OSPF MD5 hash for cracking
Figure 14-6: OSPF Md5 hash bruteforcing


Hacking Exposed Cisco Networks
Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions
ISBN: 0072259175
EAN: 2147483647
Year: 2005
Pages: 117

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net