Destroying a Cisco Router Network: How a disgruntled employee can do some serious damage
by Eric McWilliams - Wednesday, 26 March 2003.
A couple of weeks ago the company I work for went through and did some layoffs in the network group. You know the market isn't as good as it was three years ago. While thinking about being laid off, and about how angry everyone at the company was about the layoffs, I started wondering: if I really wanted to hurt this network, what would I do? My first thought was that I could pick a random list of routers out of our network of 800-plus and issue scheduled reload statements that would reload them five or six hours after I had left for the day. If I was still there after they finished the head chopping for that day, I would cancel the reload with a "no reload", all would be clear, and nobody at the company would think anything of it. That got me thinking, so over lunch one day I talked with some of the guys in my group about what I had in mind, and it turned out my reload statement was nothing. I had thought it was the greatest thing ever to have random routers reload at different times around the network; the routers would come back up and business would go back to usual. But then I got into this.

It turns out that Cisco IOS has other commands that, used for the right purposes, are part of what makes these the routers and switches we have all grown to love. Used the wrong way, they could take a large network down for months. So here is how it goes.

Author's note: I do not recommend that anyone try this because you are mad at your company or just want to mess around. After my coworkers and I talked it over, we all figured you're going to do some jail time if you do this.

The Cisco platform boots from a flash-based file system with a limited amount of space, so say you have a 32 MB flash card with a 20 MB IOS image on it. To do an upgrade you delete the image that is on the flash to make room for the new upload. At that point there is no bootable image on the box: if you reload the router now, it comes up at the ROM monitor (boot) prompt, and unless you have out-of-band access that still means a trip out to each router.

To add to the mess, you can also write erase the configuration on the router, so that when someone drives out with a new flash card to boot the router there is no configuration on it to let it run. The engineer on site will need a backed-up configuration on their laptop or a TFTP server to pull one from.

The other thing to consider is whether your company has built in out-of-band management, either modems or a Cisco terminal server. If it is a terminal server, you can treat it like any other router: delete its flash and issue it a reload. If it is a modem or a workstation, then before you reload the router, go into the config register and change the console speed, and change the baud rate and stop bits on the console and aux ports. With the config register changed, the box is pretty much toast.

On a large network, if you did this to 20 or 30 routers the network might be down for a week. But if you script the attack to hit 100 or more routers, the network is going to be down for months.
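The defensive counterpart to the sequence just described is to watch command accounting for it. The script below is an added example, not code from the original article: it parses tab-separated tac_plus-style TACACS+ accounting records (an assumed layout, with the command in a trailing "cmd=... <cr>" field), classifies the commands the article walks through (deleting the image from flash, write erase, a config-register change, a scheduled reload and its cancellation), decodes the config register bits that matter for console recovery (boot field, ignore-NVRAM, console speed, per Cisco's configuration-register documentation), and correlates the findings per device so that a reload armed on a box that can no longer boot unattended is rated critical, while a reload that was scheduled and then cancelled, the "dry run" the author describes, is still flagged. The records and device names are constructed for the demonstration.

```python
"""Flag the destructive IOS command sequence from the article in command-accounting records.

Added example, not from the original article. Assumes tab-separated tac_plus-style
TACACS+ accounting records whose last field is 'cmd=<command> <cr>' (adjust
parse_record() to your collector's layout). Config-register bit meanings follow
Cisco's configuration-register documentation; verify them for your platform.
All sample records below are constructed for the demo.
"""
import re
from collections import defaultdict

DEFAULT_CONFIG_REGISTER = 0x2102

# Console line speed is encoded in bits 5, 11 and 12 of the config register.
CONSOLE_SPEEDS = {
    0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400,
    0x0020: 19200, 0x0820: 38400, 0x1020: 57600, 0x1820: 115200,
}

# Commands from the article, in match order: (regex over the command text, label).
PATTERNS = [
    (re.compile(r"^reload\s+(in|at)\b", re.I), "reload-scheduled"),
    (re.compile(r"^(reload\s+cancel|no\s+reload)\b", re.I), "reload-cancelled"),
    (re.compile(r"^reload\s*$", re.I), "reload-now"),
    (re.compile(r"^(delete|erase|squeeze)\b.*\b(flash|bootflash|slot\d*|disk\d*)\b", re.I), "image-deleted"),
    (re.compile(r"^(write\s+erase|erase\s+(startup-config|nvram))", re.I), "config-erased"),
    (re.compile(r"^config(?:uration)?-register\s+(0x[0-9a-f]+)", re.I), "config-register"),
]

CMD_FIELD_RE = re.compile(r"cmd=(?P<cmd>.*?)(?:\s*<cr>)?\s*$")


def _rec(ts, device, user, task, cmd):
    # Constructed tac_plus-style accounting record: tab-separated, cmd= as the last field.
    return "\t".join((ts, device, user, "tty2", "10.9.9.9", "stop", f"task_id={task}",
                      "service=shell", "priv-lvl=15", f"cmd={cmd} <cr>"))


SAMPLE_RECORDS = "\n".join([
    _rec("Wed Mar 26 17:02:11 2003", "rtr-dal-01", "emcw", 41, "delete flash:c2600-is-mz.bin"),
    _rec("Wed Mar 26 17:02:40 2003", "rtr-dal-01", "emcw", 42, "config-register 0x1820"),
    _rec("Wed Mar 26 17:03:05 2003", "rtr-dal-01", "emcw", 43, "write erase"),
    _rec("Wed Mar 26 17:03:30 2003", "rtr-dal-01", "emcw", 44, "reload in 06:00"),
    _rec("Wed Mar 26 17:10:00 2003", "rtr-chi-07", "ops", 7, "reload in 00:10"),
    _rec("Wed Mar 26 17:12:00 2003", "rtr-chi-07", "ops", 8, "reload cancel"),
    _rec("Wed Mar 26 17:15:00 2003", "rtr-nyc-02", "ops", 9, "show ip route"),
])


def decode_config_register(value):
    """Break out the config-register bits that decide whether the box can be recovered from the console."""
    return {
        "boot_field": value & 0xF,               # 0x0 = stay in ROMMON, 0x1 = boot image, 0x2-0xF = normal boot
        "ignore_nvram": bool(value & 0x0040),    # bit 6: boot without the startup-config
        "break_disabled": bool(value & 0x0100),  # bit 8: console break ignored after boot
        "console_baud": CONSOLE_SPEEDS.get(value & 0x1820),
        "default": value == DEFAULT_CONFIG_REGISTER,
    }


def parse_record(line):
    """Return (device, user, command) from one accounting record, or None if it has no cmd= field."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    m = CMD_FIELD_RE.search(fields[-1])
    return (fields[1], fields[2], m.group("cmd").strip()) if m else None


def classify(cmd):
    """Map a command to one of the labels in PATTERNS, or (None, None) if it is not of interest."""
    for rx, label in PATTERNS:
        m = rx.match(cmd)
        if m:
            return label, m
    return None, None


def analyse(lines):
    """Correlate findings per device: an armed reload on a box with no image, no config or a
    non-default config register will not come back without someone on site."""
    per_device = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        device, user, cmd = rec
        label, m = classify(cmd)
        if label is None:
            continue
        finding = {"user": user, "cmd": cmd, "label": label}
        if label == "config-register":
            finding["register"] = decode_config_register(int(m.group(1), 16))
        per_device[device].append(finding)

    verdicts = {}
    for device, findings in per_device.items():
        labels = [f["label"] for f in findings]
        pending = False
        for label in labels:  # replay reload/cancel in order to see whether one is still armed
            if label in ("reload-scheduled", "reload-now"):
                pending = True
            elif label == "reload-cancelled":
                pending = False
        no_image = "image-deleted" in labels
        no_config = "config-erased" in labels
        bad_register = any(f["label"] == "config-register" and not f["register"]["default"] for f in findings)
        if pending and (no_image or no_config or bad_register):
            severity = "critical"  # reload armed and the box cannot recover unattended
        elif pending or no_image or no_config or bad_register:
            severity = "high"
        elif "reload-scheduled" in labels:
            severity = "medium"    # scheduled, then cancelled: the dry run the author describes
        else:
            severity = "info"
        verdicts[device] = {"severity": severity, "pending_reload": pending, "no_image": no_image,
                            "no_config": no_config, "bad_register": bad_register, "findings": findings}
    return verdicts


if __name__ == "__main__":
    for device, v in analyse(SAMPLE_RECORDS.splitlines()).items():
        print(f"{device}: {v['severity']} ({', '.join(f['label'] for f in v['findings'])})")
```

Run against the sample, rtr-dal-01 comes out critical (image gone, config erased, console speed moved to 115200 and a reload armed for six hours out), rtr-chi-07 comes out medium for the schedule-then-cancel pattern, and rtr-nyc-02 is not reported at all. The per-device correlation is the point: any one of these commands is routine during maintenance, but the combination on the same box, from one session, is what an operations team should page on.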
