Jan 16 2014

NetFlow in Cisco-Capable devices.

NetFlow is a tool used to export flows of traffic that transit through an interface on a router.
NetFlow versions 5, 8 and 9 support IPv4; only version 9 supports IPv6. The default transport is UDP.

Flows can be analyzed locally on the router or exported periodically to a NetFlow server, which permits a deeper and more convenient analysis.



Dec 16 2011

Cisco 6to4 Public Relay Service.

6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP.
The ISP simply configures the 6to4 relay service and customers can automatically connect to the service whenever they like.

Because of the one-to-many relationship between the 6to4 relay service and each 6to4 tunnel (each customer), 6to4 tunnels and a 6to4 relay service carry low maintenance and management overhead. However, since customers use the IPv4 address of their border router to construct the 6to4 address with which they connect to the 6to4 relay service (they are not delegated a /48 prefix from the ISP), the ISP may want to manage the IPv4 routing announcements for the relay service in order to control its use (the ISP will need IPv4 traffic statistics to identify which individual customers are using the service).


Nov 3 2011

Cisco (Type 7) Passwords PHP decrypt script

Cisco devices can be configured to store weak “obfuscated” passwords, also called “Type 7 Passwords”.

This script recovers passwords of this type from the obfuscated string.

Since Type 7 password obfuscation is not secure, any account credentials stored inside the device configuration should instead be hashed with the MD5 algorithm.



Oct 26 2011

Cisco Terminal Server

To configure a Terminal Server it is possible to set up just reverse Telnet sessions with the ‘host’ command.

The cleanest implementation uses the ‘Menu’ command, since it looks better and is more convenient to use.


Components Used:

  • Cisco 2509/11 Access Router, or a modular Cisco Router with an HWIC-8A (8 ports) or a 28xx with an HWIC-16A (16 ports) expansion card.
  • 1 or 2 Octal Cables (CAB-HD8-ASYNC) to connect the Access Router (above) to the console ports of every other serial device (switch or router).

Jul 18 2011

NAT Logging on Cisco Routers

The ip nat log translations syslog command is used to perform NAT logging.

Every NAT translation created on the router is logged to syslog (which can be directed to the console, a syslog host or the internal buffer).

This command can be used to monitor address translations on edge routers (for example, to satisfy security policy or auditing requirements).