Jan 16 2014

NetFlow in Cisco-Capable devices.

NetFlow is a tool used to export flows of traffic that transit through an interface on a router.
NetFlow versions 5, 8 and 9 support IPv4; only version 9 supports IPv6. The default transport is UDP.

Flows should be analyzed locally on the router or sent periodically to a NetFlow server to permit a deeper and more convenient analysis.


Dec 16 2011

Cisco 6to4 Public Relay Service.

6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP.
The ISP simply configures the 6to4 relay service and customers can automatically connect to the service whenever they like.

Because of the one-to-many relationship between the 6to4 relay service and each 6to4 tunnel (each customer), there is low maintenance and management overhead associated with 6to4 tunnels and a 6to4 relay service. However, customers use the IPv4 address of their border router to construct the 6to4 address that they use to connect to the 6to4 relay service (they are not delegated a /48 prefix from the ISP). The ISP may therefore want to manage the IPv4 routing announcements for the relay service to control its use (the ISP will need IPv4 traffic statistics to identify the individual customers using the service).

Nov 3 2011

Cisco (Type 7) Passwords PHP decrypt script

Cisco devices can be configured to store weak “obfuscated” passwords, also called “Type 7 Passwords”.

This script aims to recover passwords of this type from the obfuscated string.

Since password obfuscation (Type 7) is not secure, if account details are stored in the device configuration, it is recommended to have them hashed with the MD5 algorithm.

Sep 2 2011

Archive Router’s configuration on Cisco IOS

The Configuration Archive is a simple and powerful feature:
every time the router operator requests it (or periodically, if configured), the router stores its current configuration (on external storage).

The external file names can include router name, configuration date-and-time, as well as a configuration version number.

Jul 18 2011

NAT Logging on Cisco Routers

The ip nat log translations syslog command is used to perform NAT logging.

Every NAT translation created on the router is logged to syslog (which can be directed to the console, a syslog host or the internal buffer).

This command can be used to monitor address translations on edge routers (for example, due to security policy or auditing requirements).