refary.blogg.se - No vstack command not working

NO VSTACK COMMAND NOT WORKING HOW TO

Ğnsure your port number is 22 and click ‘Open’ - Port 21 if your using telnet :-|.

Ĝlick ‘Session’ and enter the IP address of the router in the ‘Host Name’ field.

Save the filename as something unique such as the routers hostname and save it as a.

Ĝlick ‘Browse’ and select the location you would like to save the log file.

You will need to configure your PuTTy client to write a log file of your session. The initial stage of evidence gathering can be completed by issuing a number of ‘show’ commands and recording the output. This post does not cover routers which are running IOS-XR. Ensure that work is undertaken alongside the network team/admins and appropriate controls are in place. I accept no responsibility for any unexpected behaviour or sudden reboots of any Cisco router where this process has been implemented. When triaging or investigating any network device never perform a reboot, this will lose all volatile data within the device and compromise the investigation.

NO VSTACK COMMAND NOT WORKING HOW TO

This post outlines how to gather simple things such as logs from the device and also check to see if the IOS has been tampered with and potentially implanted with something malicious. This may be where an internet facing router has been identified and is using default logon creds, perhaps Cisco Smart install was left enabled or you may just want to take a look at who has been poking around on the box.

This blog post is aimed at incident response teams who need to investigate and gather evidence from a cisco router in a forensically sound manner.