The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers Cisco IOS XR Software Route Processor Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Identity Services Engine Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products Multiple Vulnerabilities in Cisco Firewall Services Module Software Multiple Vulnerabilities in Cisco ASA Software Cisco IOS XR Software Memory Exhaustion Vulnerability Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains […]![]()
![]()
![]()
![]()
![]()
![]()
October 2013: seven Cisco vulnerabilities
↧
↧
Cisco ASA < 8.4.4.6 | 8.2.5.32 Ethernet Information Leak
This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected. Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest attack using this vulnerability would be to send ICMP echo messages to a machine with a vulnerable ethernet […]![]()
![]()
![]()
![]()
![]()
![]()
↧
November 2013: three Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability Cisco WAAS Mobile Remote Code Execution Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability The vulnerability is due to a coding error that resets the password for the admin user to a blank password on every reboot. An attacker could exploit this vulnerability by logging in to the administrative interface as the admin user with a blank password. Vulnerable Products Cisco TelePresence VX Clinical Assistant […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Show interface in depth
In my opinion, a good network engineer must know the “show interface” in depth; indeed, this command is useful to obtain various interface information like drop, duplex mismatch, error, tx/rx load, … Usually, the IOS switch/router have similar “show interface” output; the differences are dictated by devices, interface and IOS. Below a show interface of a TenGigabitEthernet interface. The show is issued on a Cisco WS-C6509-E in VSS Mode with IOS version 15. Ciscozine-IOS#sh int te1/5/4 TenGigabitEthernet1/5/4 is up, line protocol is up (connected) Hardware is C6k 10000Mb 802.3, address is 0000.0000.fd90 (bia 0008.ef4a.fd90) MTU 1500 bytes, BW 10000 Kbit/sec, DLY […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Dual Internet connections in active/standby mode without BGP
Suppose that your company has two independent Internet connections: the first used as main link and the second used ONLY in case of main connection fault. What can we do to avoid a ‘manual’ switch of routing and NAT tables? In general, in this case, the best solution is to use the BGP protocol with bofh providers, but this solution can be very expensive, so are there other ways to implement this process? In my opinion, one of the best solutions is to use IPSLA, PBR and the EEM features togheter, but what are these features? See you below each […]![]()
![]()
![]()
![]()
![]()
![]()
↧
↧
January 2014: five Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability Cisco TelePresence System Software Command Execution Vulnerability Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Secure Access Control System Undocumented Test Interface in Cisco Small Business Devices Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel), causing all calls to be terminated and preventing users from making new […]![]()
![]()
![]()
![]()
![]()
![]()
↧
February 2014: five Cisco vulnerabilities
Cisco Prime Infrastructure Command Execution Vulnerability Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Multiple Vulnerabilities in Cisco IPS Software Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Cisco UCS Director Default Credentials Vulnerability Cisco Prime Infrastructure Command Execution Vulnerability A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. Vulnerable Products Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 are affected by this vulnerability. Details A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability […]![]()
![]()
![]()
![]()
![]()
![]()
↧
March 2014: nine Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published nine important vulnerability advisories: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Cisco IOS Software Network Address Translation Vulnerabilities Cisco AsyncOS Software Code Execution Vulnerability Cisco Small Business Router Password Disclosure Vulnerability Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco IOS […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Speed up your console
Generally to upgrade/downgrade an IOS, you use the classical ftp/tftp transfer from a laptop to a router/switch; unfortunately, there are some cases where this way is not possible, so the only solution is to use the console. Suppose you have to upload an image of about 20Mb. On a 9600bps intereface, the time required to upload this image is about 35minutes (20000000/9600)! Oh my God! Fortunately Cisco permit to change the console speed using the command “speed”. By default the console interface works at 9600bps: Ciscozine#sh line console 0 Tty Line Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int […]![]()
![]()
![]()
![]()
![]()
![]()
↧
↧
How to upgrade a Cisco stack
One of the task of a good Network engineer is update the Cisco IOS to avoid bugs and to have new features; but what is the correct procedure to upgrade a Cisco stack, for instance two 2960 switches in stack? There are two main methods to upgrade the IOS: TAR image BIN image TAR image The .tar file is an archive file from which both the IOS image and the CMS files are extracted during the upgrade process. If you want to manage switches or clusters of switches through a web interface (HTML), this is the only file you need to download. To upgrade […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Send Cisco commands via SNMP
In the article “How to save configurations using SNMP“, I have explained how to get the Cisco configuration using SNMP. Now, I explain how to send commands via SNMP using the “ciscoConfigCopyMIB” MIB; with this MIB, you can replace running/startup configuration, send commands, save the “show” output or reload the device. OK, let’s start :) First of all, check if your PC/Server has the SNMP suite; if not, install the net-snmp software (http://net-snmp.sourceforge.net/). Then open a terminal on your pc and use these commands: snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.2.[Random number] i 1 snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.3.[Random number] i […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Shellshock: a bug bigger than Heartbleed?
Recently, the Red Hat team have found a critical remotely exploitable vulnerability in the Bash (aka the GNU Bourne Again Shell), that allow a remote attacker to inject arbitrary commands. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash […]![]()
![]()
![]()
![]()
![]()
![]()
↧
How to log everything with SecureCRT
Unlike my technical articles about configurations, protocols and so on, in this tutorial I will explain how to log automatically all SecureCRT sessions. For those that are unaware, SecureCRT is one of the best SSH/telnet client. The question is “why save everything?” In my opinion, a good approach to work with many devices (network, security, …) is to save everything (show command, configuration command and so on..). This method gives several benefits, for instance when: The telnet/SSH client buffer is full Something goes wrong You mistakenly close SecureCRT You want to check what you have done Below the steps to configure it: 1. Open the software. 2. […]![]()
![]()
![]()
![]()
![]()
![]()
↧
↧
Cisco 6500 VSS configuration
The Cisco Catalyst 6500 Series Virtual Switching System (VSS) allows the clustering of two chassis together into a single, logical entity. This technology allows for enhancements in all areas of network design, including high availability, scalability, management, and maintenance. The Virtual Switching System is created by converting two standalone Catalyst 6500 systems to a Virtual Switching System. The conversion is a one-time process that requires a few simple configuration steps and a system reload. Once the individual chassis reload, they are converted into the Virtual Switching System. All control plane functions are centrally managed by the active supervisor engine of the active virtual […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Cisco 2015 Annual Security Report
Like every year, Cisco has released the Annual Security Report that is one of the preeminent security reports that examines the latest threat intelligence, providing industry insights, trends and key findings revealing cybersecurity trends. During this year, attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity. Security teams, must be constantly improving their approach to protect their organization from these increasingly sophisticated cyber attack campaigns. These issues are further complicated by the geopolitical motivations of the attackers and conflicting requirements imposed by local laws with respect to data sovereignty, data localization […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Cisco VSS: Failure scenarios
In the last article, I explained how to configure the Cisco 6500 in VSS configuration, but how does the VSS reacts during a failure? There are three possible scenarios: Link failure within a multichassis Cisco etherchannel link Active supervisor engine failure VSL failure Scenario #1: Link failure within a multichassis Cisco etherchannel link Availability is not affected for those data flows that do not use the failed link. For those traffic flows that use the failed link, the effect consists of the time it takes to detect the link failure and reprogram the indices within the system. When all link connected to a Cisco 6500 […]![]()
![]()
![]()
![]()
![]()
![]()
↧
A Ghost in the device? CVE-2015-0235
On Tuesday January 27, 2015, Qualys security researchers discovered the GHOST vulnerability (CVE-2015-0235), a serious weakness in the Linux glibc library, that allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. This vulnerability affects the functions gethostbyname() and gethostbyname2() functions originally used to resolve a hostname to an IP address. However, these functions have been deprecated for approximately fifteen years, largely because of their lack of support for IPv6. The superseding function is getaddrinfo() which does support IPv6 and is not affected by this buffer overflow. Programs that still utilize the deprecated […]![]()
![]()
![]()
![]()
![]()
![]()
↧
↧
Send WhatsApp alert during a network fault
A good network engineer must react quickly during a fault. On the market, there are several solutions to monitor the network malfunctions: HP Openview, Solarwinds, PRTG and other solutions (open source or not). Generally, when an alert/warning is detected an event is triggered: email, SMS or text to a monitor. But why don’t you send these messages via whatsapp? It’s free and can reach everyone, everywhere! What you need: PHP with openssl extension enabled WART WhatsAPI-Official SIM In this tutorial, I use XAMPP Portable version 1.8.3 (http://sourceforge.net/projects/xampp/) on a Windows7 64bit machine. Note: The WhatsAPI-Official requires openssl extension enabled in the PHP settings; whitout this library the script cannot work! […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Chuck Robbins, the new CEO of Cisco
Cisco today announced that its Board of Directors has appointed Chuck Robbins as Chief Executive Officer effective July 26, 2015. In his previous role as Senior Vice President of Worldwide Field Operations for Cisco, Chuck Robbins has led the company’s Worldwide Sales Organization and Worldwide Partner Organization. John Chambers, who has led Cisco as its CEO for 20 years, will become the company’s executive chairman. “This is the perfect time for Chuck Robbins to become Cisco’s next Chief Executive Officer. We’ve selected a very strong leader at a time when Cisco is in a very strong position,” said Cisco Chairman and […]![]()
![]()
![]()
![]()
![]()
![]()
↧
Leap Second 2015: a critical bug in NXOS
In June 30, 2015 at 23:59:60 UTC, one minute will have 61 seconds when a leap second is added; the reason we have to add a second every now and then, is that Earth’s rotation around its own axis, is gradually slowing down, although very slowly. This will be the 26th leap second adjustment since 1972, and represents an important consideration for providers of computing, networking, and software solutions. When the leap second update occurs, several unexpected behaviors can happen on Nexus devices: N5K (CSCub38654) When the leap second update occurs N5K NX-OS 5.0, 5.1 5.2 versions run an affected version of the […]![]()
![]()
![]()
![]()
![]()
![]()
↧
More Pages to Explore .....
