Troubleshooting feature on Cisco routers is open to data-slurp abuse

A default feature of Cisco routers can readily be abused to collect data, security researchers warn. Embedded Packet Capture (EPC) was designed by Cisco as a troubleshooting and tracing tool. The feature allows network administrators to capture data packets flowing through a Cisco router. Brazilian security researchers …

  1. A Non e-mouse Silver badge

    Er, has anyone told the researchers about tcpdump, which is part of many *nix systems? That can slurp data and write it to disc.

    1. Anonymous Coward

      This is just the tip of the iceberg....

      I've noticed that when I save files onto a remote server, I can read them using a completely different computer in another location!

      Now is the time to start burning these infernal machines. Fire will cleanse the data...

      1. DNTP

        Re: tips and icebergs

        I just noticed that when I use my computer to delete a file on the server, it can't be accessed any more from ANY computer ANYWHERE, which is super good security.

        Then all these people who work in offices near me start screaming things like "where is the inventory spreadsheet".

        1. Anonymous Coward

          Re: tips and icebergs

          During the fire, nothing was said or screamed, the data just quietly disappeared. I considered playing Prodigy but that was a little obvious.

  2. Rob Crawford

    I'm pulling the plugs now

    Dear God I hope they don't discover sniffers or the existence of SPAN ports on Cisco switches either.

  3. Anonymous Coward

    what is it about this story that i am missing

    surely an attacker who has full root access to your routers has got potential access to all the data travelling on the network irrespective of brand or embedded features?

    1. Spud

      Re: omg

      They've discovered a new "feature" not a "flaw" and got all worried about it. Next they'll expand their research and discover that Checkpoint firewalls have tcpdump and that "feature" is a major security risk we should all panic about. Oh wait .... BigIP also has that feature .... and apache webservers ... and omg even my windows machine has this thing called wireshark. We should just switch off the lights and go home. The networks are insecure and we're all doomed.

  4. RainForestGuppy

    If you think that's bad...

    In my office there is a machine which can take a copy of any piece of paper put into it. The copy is such good quality you can just take it away and read it just like the original.

    Obviously I was obliged to immediately take a fireaxe to said device.

  5. ecofeco Silver badge

    Cable pr0n?

    Nice accompanying picture of some serious cable pr0n. I think I've only seen one set up in my life that actually looked that nice.

    If only they all did. *sigh*

    1. chris 17 Silver badge

      Re: Cable pr0n?

      but what was the machine the cables were plugged into, didn't look like any recent network system i've seen.

      1. -v(o.o)v-

        Re: Cable pr0n?

        Cisco 7609-S with top bezel removed, dual RSP-720.

  6. -v(o.o)v-

    Most ridiculous "research" in field of IT security in a while, if Reg's summary is correct. Like above posters had said, what about tcpdump in *nix, pcap in all systems etc.

    It is really laughable and puts the whole "conference" where it was presented in bad light.
