Cisco EPC3925 log kinyerése lehetséges-e valahogy

Hálózati eszközök

Van nekem egy a T-Csoda által telepített Cisco EPC3925 Gateway-em routerem vagymim. Végülis mindegy.

A tegnapi vihar óta annyira meghülyült, hogy alig tudok tévét nézni vagy internetezni, vagy éppen telefonálni, mert állandóan újraindul ez a vacak. És még azt mondják hogy a Cisco cuccok azok azért jók.Kitaláltam hogy valahogy kinyerem belőle a logokat, - ha vannak - hogy legalább sejtsem, hogy mi a f.rász folyik a saját hálózatomon. Hát ugye már amennyi az enyém belőle még :) Első lépés hogy megkeresem hogy hol is van a router nyitott potja(i), de rá kellet jönnöm, hogy a router nem is ott van ahova én tettem. Vagy nem egészen...
Vagy ilyesmi...

a routert áttettem a 192.168.5.1-re
és... 

root@desktop:~# for i in $(seq 0 254); do nmap -sn 192.168.$i.1 | grep -q "Host is up" && echo "192.168.$i.1"; done
192.168.5.1
192.168.9.1
192.168.33.1
192.168.34.1
192.168.35.1
192.168.36.1
192.168.37.1
192.168.38.1
192.168.39.1
192.168.100.1
192.168.122.1

hanem mindenütt ott van ahol nem kéne,
és vajon hol találnám még meg ha jobban keresgélnék,
és hol itt hol ott, hol ez hol az van nyitva rajta 

root@desktop:~# nmap -A 192.168.5.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-09 19:44 CEST
Nmap scan report for cisco (192.168.5.1)
Host is up (0.0027s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE    VERSION
23/tcp   closed telnet
80/tcp   open   tcpwrapped
1900/tcp closed upnp
8080/tcp closed http-proxy
MAC Address: 24:76:7D:4B:52:47 (Cisco Spvtg)
Device type: broadband router
Running: Cisco eCos 2.X, Motorola eCos 2.X, Scientific Atlanta eCos 2.X
OS CPE: cpe:/h:cisco:epc3925 cpe:/h:motorola:sb5101e cpe:/h:scientific_atlanta:epc2203
OS details: Cisco EPC3925, DPC2320, Motorola SURFboard SB5101E, or Scientific Atlanta EPC2203 cable modem (eCos 2.0)
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   2.70 ms cisco (192.168.5.1)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 113.69 seconds

root@desktop:~#
root@desktop:~# nmap -v 192.168.100.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-09 16:46 CEST
Initiating Ping Scan at 16:46
Scanning 192.168.100.1 [4 ports]
Completed Ping Scan at 16:46, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:46
Completed Parallel DNS resolution of 1 host. at 16:46, 0.00s elapsed
Initiating SYN Stealth Scan at 16:46
Scanning 192.168.100.1 [1000 ports]
Discovered open port 80/tcp on 192.168.100.1
Increasing send delay for 192.168.100.1 from 0 to 5 due to 11 out of 31 dropped probes since last increase.
Increasing send delay for 192.168.100.1 from 5 to 10 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.100.1 from 10 to 20 due to max_successful_tryno increase to 5
Increasing send delay for 192.168.100.1 from 20 to 40 due to max_successful_tryno increase to 6
Increasing send delay for 192.168.100.1 from 40 to 80 due to max_successful_tryno increase to 7
Increasing send delay for 192.168.100.1 from 80 to 160 due to 19 out of 62 dropped probes since last increase.
SYN Stealth Scan Timing: About 31.11% done; ETC: 16:48 (0:01:09 remaining)
Discovered open port 9100/tcp on 192.168.100.1
SYN Stealth Scan Timing: About 64.76% done; ETC: 16:48 (0:00:53 remaining)
SYN Stealth Scan Timing: About 72.47% done; ETC: 16:49 (0:00:57 remaining)
Discovered open port 515/tcp on 192.168.100.1
Completed SYN Stealth Scan at 16:50, 234.03s elapsed (1000 total ports)
Nmap scan report for 192.168.100.1
Host is up (0.00061s latency).
Not shown: 973 closed ports
PORT      STATE    SERVICE
80/tcp    open     http
425/tcp   filtered icad-el
515/tcp   open     printer
777/tcp   filtered multiling-http
901/tcp   filtered samba-swat
1026/tcp  filtered LSA-or-nterm
1114/tcp  filtered mini-sql
1192/tcp  filtered caids-sensor
1761/tcp  filtered landesk-rc
2049/tcp  filtered nfs
2144/tcp  filtered lv-ffx
2366/tcp  filtered qip-login
2393/tcp  filtered ms-olap1
2605/tcp  filtered bgpd
3689/tcp  filtered rendezvous
5226/tcp  filtered hp-status
6004/tcp  filtered X11:4
6129/tcp  filtered unknown
8873/tcp  filtered dxspider
9009/tcp  filtered pichat
9100/tcp  open     jetdirect
9998/tcp  filtered distinct32
10082/tcp filtered amandaidx
10778/tcp filtered unknown
12345/tcp filtered netbus
30718/tcp filtered unknown
55555/tcp filtered unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 234.40 seconds
           Raw packets sent: 2590 (113.936KB) | Rcvd: 1219 (48.760KB)
root@desktop:~# 
root@desktop:~# 
root@desktop:~#nmap -A 192.168.33.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-09 19:48 CEST
Nmap scan report for 192.168.33.1
Host is up (0.0050s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE    VERSION
23/tcp   closed telnet
80/tcp   closed http
1900/tcp closed upnp
8080/tcp closed http-proxy
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE (using port 8080/tcp)
HOP RTT     ADDRESS
1   5.59 ms 192.168.33.1

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.01 seconds
root@desktop:~#
root@desktop:~#
root@desktop:~# nmap -A 192.168.100.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-09 19:48 CEST
Nmap scan report for 192.168.100.1
Host is up (0.0020s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE    VERSION
80/tcp   open  tcpwrapped
515/tcp  open  printer?
9100/tcp open  jetdirect?
Device type: general purpose
Running: Wind River VxWorks
OS CPE: cpe:/o:windriver:vxworks
OS details: VxWorks
Network Distance: 2 hops

TRACEROUTE (using port 143/tcp)
HOP RTT     ADDRESS
1   0.65 ms cisco (192.168.5.1)
2   3.44 ms 192.168.100.1

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 370.97 seconds

Vajon ha a 'wan' oldalon kezdeném el piszkálni mi a fenét láthatnék rajta?

Nem nagyon tudom...
Esetleg valaki?

  • 2264 megtekintés

( mauser1 v | 2015. 07. 09., cs – 20:13 )

192.168.5.1-en van a tiéd a többi a "szomszédoké", 192.168.0.0/16 scannelted be.

Vicces lenne, mert tiltva kellene hogy legyen :)) Sőt ami azt illeti a loopback sem szokott jó lenni a routereknél, hacsak nincs külön szabály rá az iptablesben, mivel elvileg ez a cisco valami unix like-al megy, lehinkább valami linuxal, hacsak a T-sek nagyon ki nem csesztek velem

( mauser1 v | 2015. 07. 10., p – 06:21 )

Kicsit agyaltam, 192.168.5.1 a te routered. A többi C-s ip pedig a t-home vmilyen szerverei és/vagy router-ei, switch-ei. Mivel a tracert szerint is kiugrik a tiedről de nem ér el még a CLSM -be.