BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


Accessing a Cisco Router
Pages: 1, 2, 3

Now let's try re-accessing the router using the tip utility. With tip, you don't use line or speed switches as tip expects you to use an entry from the /etc/remote file. Let's take a quick look at this file:



more /etc/remote
# $FreeBSD: src/etc/remote,v 1.10.2.1 
#    2001/03/06 02:22:39 obrien Exp $
#
#	@(#)remote	5.2 (Berkeley) 6/30/90
#
# remote -- remote host description file
# see tip(1), remote(5)
#
# dv	device to use for the tty
# el	EOL marks (default is NULL)
# du	make a call flag (dial up)
# pn	phone numbers (@ =>'s search phones file; 
#	    possibly taken from PHONES environment variable)
# at	ACU type
# ie	input EOF marks (default is NULL)
# oe	output EOF string (default is NULL)
# cu	call unit (default is dv)
# br	baud rate (defaults to 300)
# fs	frame size (default is BUFSIZ) -- used in 
#	    buffering writes on receive operations
# tc	to continue a capability

# Systems definitions
netcom|Netcom Unix Access:\
	:pn=\@:tc=unix1200:
omen|Omen BBS:\
	:pn=\@:tc=dos1200:

# UNIX system definitions
unix1200|1200 Baud dial-out to a UNIX system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200:
unix300|300 Baud dial-out to a UNIX system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial300:

# DOS system definitions
dos1200|1200 Baud dial-out to a DOS system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial1200:

# General dialer definitions used below
#
# COURIER switch settings:
# switch:	1 2 3 4 5 6 7 8 9 10
# setting:	D U D U D D U D U U
# Rackmount:	U U D U D U D D U D
#
dial2400|2400 Baud Hayes attributes:\
	:dv=/dev/cuaa0:br#2400:cu=/dev/cuaa0:at=hayes:du:
dial1200|1200 Baud Hayes attributes:\
	:dv=/dev/cuaa0:br#1200:cu=/dev/cuaa0:at=hayes:du:

# Hardwired line
cuaa0b|cua0b:dv=/dev/cuaa0:br#2400:pa=none:
cuaa0c|cua0c:dv=/dev/cuaa0:br#9600:pa=none:

# Finger friendly shortcuts
com1:dv=/dev/cuaa0:br#9600:pa=none:
com2:dv=/dev/cuaa1:br#9600:pa=none:
com3:dv=/dev/cuaa2:br#9600:pa=none:
com4:dv=/dev/cuaa3:br#9600:pa=none:

That file looks pretty icky until you get to the finger-friendly shortcuts section at the bottom that contains the entries for the four com ports. To use tip, I simply have to type:

tip com2
connected

When I press Enter, I'll again see my router> prompt meaning I'm back into Cisco's user mode prompt. When I'm finished my tip session, I disconnect from the router by typing:

~^D
[EOT]

You need a bit more finger coordination for that disconnect sequence. Hold down Shift while you press the ~ key; keep your finger on the Shift key as you press the Control key, then the letter "D".

Let's move on to the comms section of the ports collection and build some ports that can be used to access the Cisco router. I'll start with minicom:

cd /usr/ports/comms/minicom
make install clean
===> minicom-1.83.1_2 is forbidden: Local exploit yielding setuid uucp.

You'll note that this port has been marked as forbidden as there is an exploit in minicom. To read about the details and the workaround for this exploit, see this advisory.

Once you've read the advisory, you can decide for yourself if this port will be a risk in your environment. Because there is an easy workaround and I won't be using minicom as a dial-in server, I'll resume the build. First, I'll have to remove the remark (#) from the FORBIDDEN line of the make file, then I'll rerun the make. I've included some of the interesting output of the build:

make install clean
<snip>
# this script creates a link from your comm 
# port to /dev/modem
/bin/sh /usr/ports/comms/minicom/scripts/create-dev-link
Minicom will be installed mode 4511 (setuid) owner uucp, 
 and group dialer. Is this ok? [y] y
Minicom needs to know what device your modem is hanging 
 off of. I (the porter) have adopted Satoshi Asami's lead 
 of using /dev/modem.
Lets see if you have too...Nope, you haven't (yet).
The patches to Minicom hardcode /dev/modem.
Would you like me to make this link for you? [Y] 
From the list below, what port number is your modem 
 attached to?
cuaa0	cuaa1	cuaa2	cuaa3
Enter the number X from cuaaX above : 1
<snip>
===>  SECURITY NOTE: 
      This port has installed the following binaries 
      which execute with increased privileges.
1143283  288 -rwsr-xr-x   1 uucp   dialer  
  132420 Oct  4 12:33 /usr/local/bin/minicom

      If there are vulnerabilities in these programs 
      there may be a security risk to the system. 
      FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please 
      type 'make deinstall' to deinstall the port if 
      this is a concern.

Before we use minicom, let's do the workaround for that exploit as explained in the advisory:

chmod -s /usr/bin/minicom
chmod: /usr/bin/minicom: No such file or directory

Hmm, better try that again:

which minicom
/usr/local/bin/minicom
chmod -s /usr/local/bin/minicom

The first time you use minicom, you'll want to enter its setup mode by using the s switch like so:

minicom -s

This will bring up the minicom configuration menu. I'll arrow down to the "Serial port setup" and press Enter. I'll then press "A" to change the Serial device from /dev/modem to dev/cuaa1. I'll then press "E" to change the Bps/Par/Bits, then press E again to select 9600. Finally, I'll press "F" to turn off Hardware Flow Control. I'll press the Escape key to leave this configuration menu, arrow down to "Save setup as.." and I'll save this entry as "cisco". Once my configuration is saved, I'll arrow down to "exit" at which point minicom will connect to the Cisco router and I'll see my router> prompt.

Pages: 1, 2, 3

Next Pagearrow





Sponsored by: