CISCO ROUTERS--and being evil

toshiba3020

I will state, first of all, this is not going to get me/you in any trouble. This is a school exercise on routers that are not connected to a network and will cause no inconveniences or get no one angry. If you are okay with not pissing people off, read on.

I am in a CCNA class where our instructor has divided up the class into two teams of 4 people, Team1 and Team2. Team1 gets 10 mins. to set up the 5 router lab as told by our instructor (same as in the CCNA curriculum if you are familiar with it). It isn't anything terribly complicated, just IPs, host tables, checking cable connections, getting telnet working, that's about it. After that is done, Team2 gets 5 mins to make just three changes to the routers (hardware or a configuration change). Then, Team1 comes back and is timed on how long it takes them to correct all the changes (without reloading routers, or copying a saved config, all has to be done by hand). With the limited number of changes I was wondering what some good things to screw up would be. Anyone have any good ideas on what to do? We had a practice today, and it took the group 10 mins to figure out I cut one wire on their console cable. So cutting wires they will not prepare for. Oh ya, requirements: no changing passwords, no changes to the computers, nothing destructive (rule added after my console stunt), and cannot load a different IOS. So if anyone has any ideas, please let me know.

Thanks
Garrett
 

spidey07

delete IOS
delete config
change baud rate on console/aux ports to 1200
change baud rate on console via confreg to 1200
^^^^those two are the killers pick a rate won't even display characters on 9600 terminal
change confreg to not allow break and to boot off network and boot config
change passwords

even the best pros would have a hard time, including the instructor.

<edit> move flash or ram so that it appears secure but is not
format and partition flash to sizes that NO ios image will fit
type command no ip routing
change MTU on physical interfaces to 66
ip route x.x.x.x y.y.y.y null0
put physical interfaces into loopback
edit "line con0" and aux0 to not allow terminal connections
^^^^another killer

all that...that's just wrong.
 

Confused

Yeah, i know the layout, i've got the Semester 4 final next week

Well, a good thing i guess would be changing IP addresses, but don't make them too obvious. Just change a digit, say change a 9 to a 6 or something really subtle, so as they skim over the config looking for obvious changes, and they probably won't pick up subtle changes. I'd also consider changing just one cable over or something.


/me goes off to the cisco site to pull up the layout


Like....on Lab_B, swap over the two serial lines, or same on Lab_C

I'll have a think of what 3 things i could/would do to screw up this configuration

Would also come in handy if i had to do this!

ConfusedBW
 

spidey07

If they are using the 68-pin D connector for serial ports then plug the cable in upside down.

mean dude....very mean.
 

toshiba3020

"even the best pros would have a hard time, including the instructor."

heh....my instructor can barely work a router

Anyways spidey07, those are some great ideas. I am definitely trying some of those.

"format and partition flash to sizes that NO ios image will fit."

I love that one.


ConfusedBW, I did change some ip addresses. I went into the host tables and changed an ip from 205.7.5.1 to 205.7.5.2, something you could easily miss if you just scan the table.


Spidey07, can you explain one of them? I am not familiar with the effects of this (and don't want to try on my own routers til I know lol)
"change MTU on physical interfaces to 66"



Thanks all and keep the ideas coming
Garrett
 

toshiba3020

Just if anyone wants to know, here is the basic lab setup.

5 routers (1x 2514, 4x 2501)


Lab-A <--serial--> Lab-B <--serial--> Lab-C <--serial--> Lab-D <--ethernet--> Lab-E
 

toshiba3020

I thought of something very cruel, how about disabling privileged-exec commands, does anyone know how/if you can do this on a 2500 series router?

Thanks
 

Santa

Create access lists that only allow your Telnet session to get to the box.
Change their Roll over cable to a straight through cable on the console
Set the IP to a broadcast node on a 255.255.240.0 which hopefully is the same IP as what they currently have.


 

Confused

Look here and here for the lab configuration and IP addresses of the interfaces

Might help in thinking of how to sabotage!

ConfusedBW
 

ScottMac

One of my favorites these days is cutting the MTU size to 256-512. If you're using just about any routing protocol, it won't propagate routes because many/most/all routing protocols (RIP fer sher) won't allow fragmentation...have enough networks defined to keep the RIP update packets above the MTU size (13 subnets fail at 512 MTU, maybe less).

One of the things they did to us in CIT was to set the console timeout to something like ONE SECOND...you log in, but anytime one second passes, and you haven't hit a key, it logs you out. If you really want to be a prick, set the AUX port to the same (the usual remedy is move to the AUX port...).

Instead of plugging the serial cable in upside-down (which may warp the D-Shell), just reverse 'em (DCE--> DTE) from router A to router B...the cables ARE end-specific.

If you can get your hand on the right cables/tools; clip the connector off of a console cable, then re-crimp the end flipped (as in a NON rolled console cable).

Change the packet type from Ethernet II to 802.3 (RAW, Whatever).

Put in a floating route with a metric value less than the dynamic protocol's route (like less than 120 for RIP).

Just remember.....payback is a B*tch....you're probably not the only person soliciting ideas on the Internet......

FWIW

Scott
 

Garion

In all fairness, you SHOULD use real world examples, something that you might see on the job. If you're feeling nice and want to do it this way, you could do:

"NO IP ROUTING" - Shuts off routing and it's one of those basic commands that you don't even THINK about being there.

Messed-up MTU is a good one, but not as effective if you're using static routes, which you most likely will for a simple network. Pretty glaring in the config, however.

Setup a routing loop. Router A has a static route to a subnet through router B, router B has a static route for the same subnet back to router A. Happens to everyone, might as well learn to live with it.

Swap some cables around. Always exciting.

But, if you just want to knock 'em off and NOT give real-world examples, a few suggestions..

Slap an access-list on the VTY to just flat disable telnet, then set the console timeout to a second. Use your third command to shut down one interface and you're probably golden.

Use the alias command to setup aliases for "conf" and "configure" to be "exit". Hard to change aliases when you can't get into config mode! Again, shut down an interface and see if they can figure it out. You might be able to use a wildcard (confi*) or something when creating the alias, but I'm not totally sure. If aliases work in non-privileged mode, you could alias out enable and EN.

Move around a cable, then change the hostname on two routers. Can you physically relocate the routers, or are they set and labelled?


It'd be a lot more fun if you had four commands to use - You could shut off telnet and VTY, alias out config and then disable an interface to stop it from routing.

- G
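
For the repair side of this exercise, an added example (not code from any poster in the thread): a small Python audit that walks an IOS-style running-config and flags the kinds of changes suggested above, such as `no ip routing`, a lowered MTU, a one-second `exec-timeout`, an alias onto `exit` and a VTY `access-class`. The sample config, the `audit` and `timeout_msg` functions and the rule table are constructed for illustration, and the 1500-byte MTU and 9600-baud defaults are assumptions about the lab routers.

```python
import re

# Constructed sample config (not from the thread); the route prefix is a documentation range.
SAMPLE_CONFIG = """\
no ip routing
alias exec conf exit
interface Serial0
 mtu 256
 shutdown
ip route 203.0.113.0 255.255.255.0 Null0
line con 0
 exec-timeout 0 1
 speed 1200
line vty 0 4
 access-class 10 in
"""

def timeout_msg(m):
    secs = int(m[1]) * 60 + int(m[2] or 0)
    return f"exec-timeout of {secs}s" if 0 < secs < 60 else None  # "0 0" = no timeout

# (section prefix, pattern, describe); assumed lab defaults: MTU 1500, line speed 9600.
RULES = [
    ("", r"no ip routing$", lambda m: "IP routing disabled"),
    ("", r"alias \S+ (\S+) (exit|logout)$", lambda m: f"alias turns '{m[1]}' into {m[2]}"),
    ("", r"ip route \S+ \S+ [Nn]ull ?0", lambda m: "static route to Null0"),
    ("interface", r"(?:ip )?mtu (\d+)$",
     lambda m: f"MTU lowered to {m[1]}" if int(m[1]) < 1500 else None),
    ("interface", r"shutdown$", lambda m: "interface administratively down"),
    ("line", r"exec-timeout (\d+)(?: (\d+))?$", timeout_msg),
    ("line", r"speed (\d+)$",
     lambda m: f"line speed {m[1]} (default 9600)" if m[1] != "9600" else None),
    ("line vty", r"access-class \S+ in$", lambda m: "VTY limited by an access-class"),
]

def audit(config):
    findings, section = [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented command: new top-level context
            section = line if re.match(r"(interface|line) ", line) else "global"
        for prefix, pattern, describe in RULES:
            m = re.match(pattern, line)
            if m and section.startswith(prefix) and (msg := describe(m)):
                findings.append((section, msg))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Each finding is paired with the interface or line section it was found under, which is where the fix has to be entered.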





 

Tallgeese



<< Setup a routing loop. Router A has a static route to a subnet through router B, router B has a static route for the same subnet back to router A. Happens to everyone, might as well learn to live with it. >>

Like this approach.

I suggest attacking Router B and D. Since the config has the routers connected in series, those two could nearly isolate the other routers. Also, with a little creativity, traffic could start ping-ponging between them. Lovely. Mess with TTL on one of them and watch the meltdown.

Two questions:
Is it 3 changes TOTAL in the entire setup?
Do the configs include static routes or routing protocols?
 

m2kewl



<< Just remember.....payback is a B*tch....you're probably not the only person soliciting ideas on the Internet...... >>



That's right.

FWIW - I did some of these to a co-worker at work on non-production routers/6509 switches, next thing I knew - the whole team was fuvking things up - she wasn't too happy, almost got pink-slipped! Moral of story - make sure they have a sense of humor before you pull these off.
 

spidey07

what....nobody liked my end-all-be-all fubar of setting the console port to 1200 baud and partitioning the flash?

router baked, need complete reload of IOS and have to figure out why you can't get a console connection. Looking at 30 minutes at least on that.
 

Confused



<< Move around a cable, then change the hostname on two routers. Can you physically relocate the routers, or are they set and labelled? >>



The routers are labelled and in a little cabinet (well, they are where i am!), so no moving them around really.

 

toshiba3020



<< what....nobody liked my end-all-be-all fubar of setting the console port to 1200 baud and partitioning the flash?

router baked, need complete reload of IOS and have to figure out why you can't get a console connection. Looking at 30 minutes at least on that.
>>




Could I accomplish this in A) only 3 steps and B) in under 5 mins? If so, it will be done
 

Garion

I don't think you can erase the flash in normal running mode on a 25xx - Others which run from RAM, yes, but not a 25xx which runs from flash. You'd have to do it from ROMMON mode. I would imagine that your professor would probably consider erasing the IOS "destructive"

I have to ask one question - Is your test result based on how well you use your three commands or how long it takes you to fix what they did to you? If you do something really evil, like erasing the IOS on a router, you're probably not going to win many friends, nor the respect of your prof. That does VERY rarely happen IRL, but you'd be better off being a bit more gentle and giving them something slightly more realistic - Routing loops, etc. Call me a softie, but if you're just in this to totally screw the other team, there's not much point to it. Some of the things we've come up with would take ME more than a half an hour to fix, and I'm certainly no newbie. I don't really think that's the idea of your exam. Put it this way - How would you feel if you came up against Spidey, Scott and I on a team against you? That's essentially what you're doing with our input...

Not trying to be a spoiler here, but if you suddenly get extremely exotic here, isn't your prof going to be just a bit suspicious?

- G

 

Santa

I am with Garion on this one.. you've got to hope they don't choose to find their own router pranksters to enlist to create hell for you

I would try to win over your lab partners and professor by doing something real yet explain to them how you could have done something much worse I.E. some of spidey's misspent hours bored at work
 

spidey07

Damaged...and just where in the heck have YOU been? Scott is picking up all your slack.

In retrospect the things I posted are VERY mean and downright evil with the very real probability of the instructor not being able to salvage the router.

I'm really starting to like Garion's ideas of alias. How about changing the transport on the console or changing speed/stop bits?
 

Damaged

Heh, sorry spidey. Been busy, which is good! And not so good, all at the same time. Hot-cutting circuits is always mucho fun. Particularly since it always occurs in the wee hours. Been doing lots of that lately since we're combining/integrating networks. WHEE! I think ScottMac is MORE than capable to pick up my slack. Even though he's such a layer 1 dude (damned EEs!).

My evilness on this one would've been to setup something with the scheduler, like say a reboot, say like every minute.

My other question was is it three steps or three changes? Different things there yanno.

L8R!
 

xyyz

i think what a lot of you fail to realize is that this is a cisco academy CCNA lab...

so please don't do something overly elaborate that they wouldn't cover in the CCNA curriculum.

Garion's no routing is always a good one...

ScottMac's changing the MTU idea... is something that even a CCNP person would have a hard time to resolve...


at least you guys are lucky enough to have teams... last semester I was the only semester 4 person in the class... and I had to do the semester 4 final ALL ALONE. that was a 4 hour nightmare. fortunately, everything worked.
 

toshiba3020

Hah I have a great story for you guys. Everyone on the other team hated it, but we thought it was hilarious. I have some friends in a programming class (aka study hall) the same hour as I had cisco. They (and please note, without telling me or without me telling them to) telnetted across the school's network, through our proxy server in cisco (to give us internet access), through the switch connecting lab-d and lab-e, into the routers where they started shutting down ports and changed one IP. I found out the next day and died laughing. This was just a practice lab, so no harm done. Can't wait til the next time we get to do this (any day now) so I can try some of these other things.
 

Poontos

I may have missed a few points/posts/words, but at what point of the CCNA curriculum is toshiba3020 at?

 

Shockwave



<< One of my favorites these days is cutting the MTU size to 256-512. If you're using just about any routing protocol, it won't propagate routes because many/most/all routing protocols (RIP fer sher) won't allow fragmentation...have enough networks defined to keep the RIP update packets above the MTU size (13 subnets fail at 512 MTU, maybe less).
>>



So, lemme get this right. The more subnets on the router, the bigger the MTU size needs to be? Could you explain that a bit more for me please?
 