Destroying a Cisco Router Network: How a disgruntled employee can do some serious damage
A couple of weeks ago the company I work for went through and did some lay offs in the network group. You know the market isn’t as good as it was back 3 years ago. Well, while thinking about being laid off and how much everyone at the company was mad about the lay offs I started thinking. If I really wanted to hurt this network what would I do? Well I automatically figured that I could go to a random list of routers in our network of 800 plus and issue reload statements that would allow me to reload them 5 or 6 hours after I was gone that day. If I was still there after they did all the head chopping for that day then I would remove the reload by doing a no reload and all would be clear and everyone at the company would think nothing of it. This got me started thinking so over lunch one day I started talking to some of the guys in my group about what I was thinking and turns out my reload statement was nothing. I figured it was the greatest thing ever to have random routers reload a different times around the network. The routers would come back up and business would go back to usual. But then I got into this.
It turns out that Cisco has other pretty good commands that are used for the right purposes and that makes them the routers and switches we have all grown to love. But used in the wrong way, they could take a large network down for months. So here is how it goes.
Authors note: I do not recommend anyone trying this if you are mad at your company or just want to mess around. After my coworkers and I talked about it we all figured your going to do some jail time if you do this.
The Cisco platform has a flash based memory system that only allows you so much space, so let say you have a 32mb flash card with an IOS image of 20mb on it. You want to do an upgrade so you delete whatever image was on the flash to make room for your new upload. At this point you don’t have a flash image on the box, if you reload the router it will come up into a boot prompt but unless you have out of band access that still means a trip out to each of the routers. To add to this mess, if you really want to be bad, write erase the configuration on the router so if someone is going to drive out with a new flash card to boot the router there is no configuration on it to let it run. The engineer who is on site will have to have a backed up configuration on their laptop or a TFTP server to pull one off of. The other thing is if your company has built in a band management system modems or a Cisco terminal server you can do two things on the terminal server: you can treat it like the router, delete the flash and issue it a reload. If it’s a modem or a workstation than before you reload the router be sure you go into the config register and change the baud rate and stop bits on the console and aux ports. Now with the config register changed the box is pretty much toast. On a large network if you did this to 20 or 30 routers the network might be down for a week. But if you script out the attack to hit say 100 or more routers the network is going to be down for months.
How would I defend against this? Either bug the heck out of Cisco to make the router smart enough that it would notice it didn’t have a config or a image in flash and not let you use the reload command in a situation like that; or build up your routers security implement TACACS+ with redundant servers for the routers to authenticate too. If you do this then you still have to worry about someone taking down the TACACS+ servers and if they know your last resort password for your routers they are still going to be able to get in and do the same damage. I recommend you protect this by putting SSH on your routers and building a couple of hardened management machines that are the only ones that have access to the routers. This way your router configs and last resort users password cannot be sniffed on your network. I know engineers are famous for wanting the easy “hey lets just turn on the router on our internal network and let it go”. What is easier is adding a couple of lines to a config file instead of driving out to each of your sites for a month and reloading flash and rebuilding configs on site. I figure there are a ton of other ways you can mess up your routers and switches but like I said I do not recommend anyone do something like this.