Assumptions Team Pwnage Made
A few assumptions and changes must be made to the original Case Study in order for the topology and setup to function, and for the security flaws to be determined and suggestions offered to correct them.
First, as we are provided with neither a topology diagram nor a description of the network we are working on, we must determine the overall network layout. We have decided that the 192.168.130 range of IPs and the Eth0 interface belong to the internal interface of the border router, and that the 10 range of IPs refers to external IP addresses, so that the connection to the ISP router is via the serial port. Further details of the network topology are outlined in the topology diagram.
Second, some corrections must be made to the provided configuration in order for the scenario to be analyzed:
1) For the 192.168.130 internal hosts to have internet connectivity, and for Jason to have scanned the 192.168 range, there must be a routing table entry on the ISP router for the 192.168.130 IP range. Otherwise, based on the configuration of the border router, no packet can be routed from outside the border router back to the corporate network. One potential solution is that IGRP on the border router should be given the 192.168 network as well, to propagate to the ISP router, which would also need IGRP configured. Probably the better alternative in this original scenario is that the ISP router be configured with a static route. This means that the internal corporate network is broadcast publicly.
2) We must assume that the static route assigned is incorrect, as it currently points the host IP 10.5.4.254 towards the 192.168.130 network. As this static route does not seem to provide any function, we can assume that it is just an error that should not be present in the configuration. Instead, a default route pointing traffic towards the ISP router should be configured.
3) Classless routing is disabled by default in the border router configuration file. However, this would mean that use of the 10.0.0.0 network for the serial connection between the ISP router and the border router would completely tie up the entire 10.*.*.* IP range. Instead, we should assume that classless routing is not disabled, and that the ping attack recipient is a host connected to the corporate border router through the internet.
4) According to the router configuration that we have been provided with, telnet connections will not work by default. We can assume this is an oversight in the case study, and that the login local command should have been applied to the line vty interfaces.
5) In order for the internal clients to reach the internet, a default route must have been configured on the border router pointing towards the ISP router.
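The effect described in corrections 3 and 5 can be reproduced with a small model of the route lookup. This is an added example, not part of the original case study or its router configuration; the /30 serial subnet, the /24 mask on the internal range and the ISP next hop 10.0.0.1 are constructed assumptions, and 198.51.100.7 is a documentation address.

```python
import ipaddress

def classful_network(addr):
    """Major (class A/B/C) network containing addr; class D/E is not modelled."""
    first = int(addr) >> 24
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def lookup(routes, dst, classless):
    """Return the next hop chosen for dst, or None if the packet is dropped.

    routes is a list of (prefix, next_hop) pairs. classless=False models a
    router with classless routing disabled: if any subnet of the destination's
    major network is known, supernet and default routes are ignored.
    """
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    major = classful_network(dst)
    if not classless:
        knows_subnet = any(
            n.prefixlen > major.prefixlen and n.subnet_of(major) for n, _ in nets
        )
        if knows_subnet:
            # Only routes inside the major network remain eligible.
            nets = [(n, hop) for n, hop in nets if n.subnet_of(major)]
    matches = [(n, hop) for n, hop in nets if dst in n]
    if not matches:
        return None
    # Longest prefix wins among the remaining candidates.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed routing table for the border router (masks and next hop assumed).
BORDER_ROUTES = [
    ("192.168.130.0/24", "connected Eth0"),   # internal range from the case study
    ("10.0.0.0/30", "connected Serial"),      # assumed serial link to the ISP router
    ("0.0.0.0/0", "10.0.0.1"),                # default route from correction 5
]

if __name__ == "__main__":
    for dst in ("10.5.4.254", "198.51.100.7", "192.168.130.10"):
        for classless in (False, True):
            hop = lookup(BORDER_ROUTES, dst, classless)
            print(f"{dst:15} classless={classless!s:5} -> {hop or 'DROPPED'}")
```

With classless routing disabled, only destinations in the 10 range outside the serial subnet are dropped; every other destination still follows the default route.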