Hello petard, Friday, December 5, 2003, 3:35:19 PM, you wrote:
p> On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote: >> Hello full-disclosure, >> >> I've got a little problem with a cisco router. >> It has obviously been compromised. How do i know, well the password >> has changed. So I want to retrieve the ACL from the RAM (not NVRAM) >> to see what else maybe got compromised. >> Does anyone know how this could be done? >> >> thanks for any suggestions in advance... p> You'll probably get better answers if you: p> 1. google for "cisco router forensics" p> 2. ask this question to a cisco list p> 3. ask this question to cisco tech support. they're quite good. p> Assuming you've determined the changed password and the enable password, the command: p> # show running-config p> will display the current configuration from RAM, including any ACLs p> IIRC. p> HTH, p> petard p> -- p> If your message really might be confidential, download my PGP key here: p> http://petard.freeshell.org/petard.asc p> and encrypt it. Otherwise, save bandwidth and lose the disclaimer. thanks for all the replies. and i am aware of the 3 given possibilities. but i thought maybe someone on the list has some quick answer as well?!? and as it is a little urgent i just wanted to give it a try! Unfortunately I do not know the new password! otherwise there wouldn't be a problem at all. and more unfortunately it is not my network and had nothing to do with the setup. or else i would have, as Mort pointed out, a tftp in place. -- Best regards, nonleft mailto:[EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
