Tag: Cisco
Harden your Cisco router
by Rootadmin on Jul.18, 2009, under Cisco
| Command | Description |
| no service tcp-small-servers | If you disable the minor TCP/IP servers, access to the Echo, Discard, Chargen, and Daytime ports causes the Cisco IOS® software to send a TCP RESET packet to the sender and discard the original incoming packet. |
| no service udp-small-servers | If you disable the servers, access to the Echo, Discard, and Chargen ports causes the Cisco IOS® software to send an "ICMP port unreachable" message to the sender and discard the original incoming packet. |
| no ip bootp server | This will send an ICMP port unreachable message to the sender and discard the original incoming packet. |
| no service finger | This is the equivalent of a remote show users command; disable it. |
| no ip source-route | Disallow IP source routing. |
| no ip identd | IP identd will return accurate information about the host TCP port; disable this. |
| no ip http server | This is very important considering the IOS® HTTP Authorization vulnerability. This will remove the ability to use HTTP to manage Cisco devices. |
| no ip http secure-server | This is very important considering the IOS® HTTP Authorization vulnerability. This will remove the ability to use HTTPS to manage Cisco devices. |
| no cdp run | Prevents reconnaissance against your network. |
| ntp disable | If you need to run NTP, run NTP securely. |
| (config-if) shutdown | Shut down all unused interfaces. |
| (config-if) no ip proxy-arp | This prevents internal addresses from being revealed. |
| (config-if) no ip directed-broadcast | Apply this to all interfaces that shouldn't forward legitimate directed broadcasts. |
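An added example (not from the original post): a small Python audit that checks a saved IOS configuration for the global and per-interface lines in the table above, skipping interfaces that are already shut down. The sample configuration is constructed and the command spellings follow IOS syntax; IOS omits lines that match a release's default, so a reported line may be a default rather than a gap, and `ntp disable` is left out because the post allows running NTP securely.

```python
GLOBAL_REQUIRED = [   # global lines from the table (IOS spellings)
    "no service tcp-small-servers", "no service udp-small-servers",
    "no ip bootp server", "no service finger", "no ip source-route",
    "no ip identd", "no ip http server", "no ip http secure-server",
    "no cdp run",
]
IFACE_REQUIRED = ["no ip proxy-arp", "no ip directed-broadcast"]
# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
no service tcp-small-servers
no service udp-small-servers
no ip source-route
ip http server
no ip http secure-server
no cdp run
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
!
interface FastEthernet0/1
 shutdown
"""

def parse(config):
    """Return (global lines, {interface name: sub-command lines})."""
    globals_, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())      # normalise whitespace
        if not line or line.startswith("!"):
            continue
        if raw.startswith(" "):           # indented: belongs to a block
            if current is not None:
                current.add(line)
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], set())
        else:                             # any other top-level command
            globals_.add(line)
            current = None
    return globals_, ifaces

def audit(config):
    """List (scope, missing command); shut-down interfaces are skipped."""
    globals_, ifaces = parse(config)
    out = [("global", c) for c in GLOBAL_REQUIRED if c not in globals_]
    for name, lines in sorted(ifaces.items()):
        if "shutdown" not in lines:
            out += [(name, c) for c in IFACE_REQUIRED if c not in lines]
    return out
```

Calling `audit(SAMPLE)` returns the missing lines as `(scope, command)` pairs, with `global` as the scope for router-wide commands.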
New Cisco IPS Update
by Rootadmin on Jul.17, 2009, under Cisco
http://tools.cisco.com/security/center/viewBulletin.x?bId=230&year=2009
The S416 signature update contains the following new signatures:
| PLATFORM | SIGID | SIGNAME | ENGINE | SEVERITY | ENABLED |
| 5.x,6.x | 5923.0 | Microsoft Internet Explorer FTP Client Directory Traversal issue | string-tcp | high | false |
| 5.x,6.x | 5923.1 | Microsoft Internet Explorer FTP Client Directory Traversal | string-tcp | high | false |
| 5.x,6.x | 5984.0 | IE COM Object Code Execution | meta | high | false |
| 5.x,6.x | 5984.1 | IE COM Object Code Execution | string-tcp | informational | false |
| 5.x,6.x | 5984.2 | IE COM Object Code Execution | string-tcp | informational | false |
| 5.x,6.x | 5694.1 | Enhanced Metafile Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 6023.0 | IE JavaScript window() DoS | string-tcp | high | false |
| 5.x,6.x | 6024.0 | Firefox JavaScript Information Disclosure | string-tcp | low | false |
| 5.x,6.x | 6025.0 | Jet DB Engine Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 6026.0 | Squid Gopher Protocol Handling Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 6074.0 | DirectX RLE Compressed TGA Overflow | string-tcp | high | false |
| 5.x,6.x | 6075.0 | Mozilla SOAPParameter Integer Overflow | string-tcp | high | false |
| 5.x,6.x | 6077.0 | IE Malformed GIF File | string-tcp | high | false |
| 5.x,6.x | 6414.0 | ClamAV UPX File Handling Heap Overflow | string-tcp | high | false |
| 5.x,6.x | 6416.0 | Microsoft Windows Help HLP File Processing Memory Corruption | string-tcp | high | false |
| 5.x,6.x | 6416.1 | Microsoft Windows Help HLP File Processing Memory Corruption | string-tcp | high | false |
| 5.x,6.x | 6444.0 | iGateway Content-Length Buffer Overflow | service-http | high | false |
| 5.x,6.x | 6445.0 | SUSE Remote Manager Heap Overflow | service-http | high | false |
| 5.x,6.x | 6221.0 | IBM Director Agent DoS | atomic-ip | medium | false |
| 5.x,6.x | 6414.1 | ClamAV UPX File Handling Heap Overflow | string-tcp | high | false |
| 5.x,6.x | 19639.0 | Firefox 3.5 Unicode Buffer Overflow | string-tcp | high | true |
The S416 signature update contains the following modified signatures:
| PLATFORM | SIGID | SIGNAME | ENGINE | SEVERITY | ENABLED |
| 5.x,6.x | 5902.0 | AIM Message HTML Injection | string-tcp | high | false |
| 5.x,6.x | 5813.0 | Microsoft Internet Explorer Vector Markup Language Vulnerability | meta | high | false |
| 5.x,6.x | 5567.5 | Veritas Backup Exec Remote Registry Access | meta | high | false |
| 5.x,6.x | 5567.0 | Veritas Backup Exec Remote Registry Access | string-tcp | informational | false |
| 5.x,6.x | 5567.1 | Veritas Backup Exec Remote Registry Access | service-msrpc | informational | false |
| 5.x,6.x | 5567.2 | Veritas Backup Exec Remote Registry Access | service-msrpc | informational | false |
| 5.x,6.x | 5567.3 | Veritas Backup Exec Remote Registry Access | service-msrpc | informational | false |
| 5.x,6.x | 5567.4 | Veritas Backup Exec Remote Registry Access | service-msrpc | informational | false |
| 5.x,6.x | 5688.0 | RSA WebAgent Redirect Overflow | service-http | medium | false |
| 5.x,6.x | 5810.0 | SecureCRT SSH1 Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 5837.0 | Malformed TCP packet | service-generic | medium | false |
| 5.x,6.x | 5750.0 | WLSE Cross Site Scripting | service-http | medium | false |
| 5.x,6.x | 5684.3 | Malformed SIP Packet | atomic-ip | medium | false |
| 5.x,6.x | 5868.0 | IE Navigation Cancel Page Spoofing Vulnerability | string-tcp | medium | true |
Cisco Split Horizon
by Rootadmin on May.04, 2009, under Cisco
CISCO CCNA MAC ARP TABLE
by Rootadmin on May.04, 2009, under Cisco
CISCO CCNA OSPF – Link State Advertisements
by Rootadmin on May.04, 2009, under Cisco
cisco ccna tcp window size
by Rootadmin on May.04, 2009, under Cisco






