Have you ever wondered what if your cisco routers or switches is compromised? What is the next step you would take to check your routers or switches for any changes made by the hacker? That was once a question mark in my head, but today i am going to show some commands that you can use to check for any compromisation.
1. show version
2. show ip route
3. show run
4. show start
5. show ip route
6. show nat
7. show users all
8. show ip int
9. show int
10. show tcp brief all
11. show ip sockets
12. show ip nat translations verbose
13. show access-list
14. show xlate detail
15. show connection detail
16. show ip inspect session detail
Of course, there are many others more. But the above commands are most frequently used by me if a Cisco network device is compromised. Comments pls!!
Rabu, 14 Maret 2007
Cisco Router Forensics
22.20
No comments
Langganan:
Posting Komentar (Atom)
0 komentar:
Posting Komentar