思科路由器入Q
奔腾不息的网络里,Web绽放着艳丽的色彩、电子邮件呵责的络绎网际、语音电话、网络会议、文件传输,各种数据交错参差,构成光辉的数字S界。在喧闹的数字S界底层,存在一种精巧的秩序,这种秩序决议着数据的选路、异构介质联接、协议的交互等功能。而这一秩序的建设者恰是布满全面网络的路由器。所以,路由器成了数据通信的交通亭,也成为了很多黑帽(Blackhat)争夺的方案之一。Cisco路由器占有这网络S界的肯定方位,所以安全焦点效应激发了路由侵/入与防护而生成的精巧艺术。下面我将由浅入深的方法讲述Cisco侵/入的手段以及防护策略。【路由器伤风】路由器从本身的IOS来说,并不是一个强大的系统,因此它偶尔也会让自己伤风发烧。系统伤风发烧起来,抵抗力天然就下降不少。IOS本身欺骗Cisco路由器是用IOS系统来实现路由的细节功能,因此它是路由系统的魂灵。Show命令的在线系统方法却为我们打开一个偷窥之门。尽人皆知,Cisco路由器中,通常用户只能检测路由器的很少信息。而能进入特权模式的用户才有资格检测全面信息和修复路由。通常模式下,show的在线帮助系统不会列表所有可用的命令,尽管75个show的扩展参数只能用于特权模式下(enable),实际上只要13个受到限制。这意味着通常用户(非特权用户)可以检测访问列表或别的路由安全相关信息。
思科路由器侵/入.pdf
(In the ever-increasing network, the Web is blooming with bright colors, e-mails, voice calls, web conferences, file transfers, all kinds of data are intertwined, forming a glorious digital world. At the bottom of the noisy digital world, there is a delicate order, which determines the functions of data routing, heterogeneous media connection, and protocol interaction. And the builder of this order is the router that is covered with the comprehensive network. Therefore, the router has become a traffic kiosk for data communication, and it has also become one of the schemes that many black hats compete for. Cisco routers occupy a certain place in the networked world, so the security focus effect inspires the sophisticated art of routing intrusion/intrusion and prevention. Below I will describe Cisco's intrusion/intrusion methods and protection strategies from the shallower to the deeper. The router is not a powerful system from its own IOS, so it will occasionally make itself cold and fever. When the system has a cold and fever, the resistance naturally drops a lot.
IOS itself deceives Cisco routers by using the IOS system to realize the detailed functions of routing, so it is the soul of the routing system. The online system approach of the Show command opens a door to peeping. As we all know, in Cisco routers, usually users can only detect very little information about the router. Users who can enter privileged mode are only eligible to detect comprehensive information and repair routes. In normal mode, show's online help system does not list all available commands, although the 75 extended parameters of show can only be used in privileged mode (enable), in fact only 13 are limited. This means that normal users (unprivileged users) can check access lists or other routing security related information.
Cisco Router Intrusion/Intrusion.pdf)
页:
[1]