How to Detect Common Router, Switch and Firewall Weaknesses
To avoid hacks, it is a good idea to try and find any router, switch, and firewall weaknesses. Some high-level security vulnerabilities commonly found on network devices can create many problems. Once you know about them, you can take measures shore them up.
You want to ensure that HTTP and telnet interfaces to your routers, switches, and firewall aren’t configured with a blank, default, or otherwise easy-to-guess password. This advice sounds like a no-brainer, but it’s for one of the most common weaknesses.
When a malicious insider or other attacker gains access to your network devices, he owns the network. He can then lock out administrative access, set up back-door user accounts, reconfigure ports, and even bring down the entire network without you ever knowing.
Another weakness is related to HTTP and telnet being enabled and used on many network devices. Care to guess why this is a problem? Well, anyone with some free tools and a few minutes of time can sniff the network and capture login credentials for these systems when they’re being sent in cleartext. When that happens, anything goes.
Businesses running a VPN on a router or firewall are common. If you fall into this category, chances are good that your VPN is running the Internet Key Exchange (IKE) protocol, which has a couple of well-known exploitable weaknesses:
It’s possible to crack IKE aggressive mode pre-shared keys using Cain & Abel and the IKECrack tool.
Some IKE configurations, such as those in certain Cisco PIX firewalls, can be taken offline. All the attacker has to do is send 10 packets per second at 122 bytes each and you have a DoS attack on your hands.
You can manually poke around to see whether your router, switches, and firewalls are vulnerable to these issues, but the best way to find this information is to use a well-known vulnerability scanner, such as QualysGuard. After you find which vulnerabilities exist, you can take things a step further by using the Cisco Global Exploiter tool (available via the BackTrack Linux toolset). To run Cisco Global Exploiter, follow these steps:
Download and burn the BackTrack Linux ISO image to CD or boot the image directly through VMWare or VirtualBox.
After you enter the BackTrack Linux GUI (log in using the credentials root/toor and enter the command startx), click Applications, Backtrack, Exploitation Tools, Network Exploitation Tools, Cisco Attacks, and then Cisco Global Exploiter.
Enter the command perl cge.pl ip_address exploit_number.
Good scanners and exploitation tools will save you a ton of time and effort that you can spend on other, more important things, such as Facebook and Twitter.