Archive : Security

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside...

As a network engineer, you most probably already had to do with PPP authentication at least once or two times in your daily operation.  Even more, if you are going for a Cisco certification (and not only) you should know some stuff about PPP authentication. For today, I’ve planned to deal with...

Digging through Internet I’ve found a very good article from David Davis explaining how to make your life easier when migrating from PIX to ASA. The important thing to note about PIX and ASA configurations are that they are different. In other words, to do one thing on a PIX requires a different...

I have seen that a lot of people is using search engines to look after terms like “NAT: failed to allocate address for…” or “NAT: address not stolen for…” asking for help in regard to a non-functional NAT. Of course I skipped the cases when the solution was obvious...

Every now and then, all network engineers have to deal with some kind of network attack.  Usually, the attack does not target the network devices, but the machines that provide services (e.g. www, database hosting…), because it’s more easy to find on the Internet a script that is probing...

Reflexive access-list are one of the method that help us achive firewall functionality with a router hardware. The other methods that serve to the same purpose are Context-Based Access Control (CBAC) and TCP Intercept. For an introduction to CBAC with example please check my older post Cisco: Use CBAC...

I believe that all of you are familiar with privilege levels (0-15) on Cisco IOS. The most useful for network engineers is level 15 and the highest one as it will allow you full access to all IOS features, but in most networks only a few persons have this privilege level. In my opinion is normal to be...

Sometime ago I had to do a stress test for a Cisco FWSM (Firewall Service Module) to see how the resources are consumed and if some potential traffic can temporarly affect the behavior of this device. For those of you who have don’t know what is a Cisco FWSM, here comes the definition: “Cisco...