need help with configuration

am 31.01.2007 14:47:04 von Shahin

Hi guys,

I need your help on port forwarding on CISCOrouter,
I am new to configuring CISCO router, any way I did configuer my
router, now I can internet and send and recieve mail, so this part is
good.
I did try to open these ports on the router; 25 ,22,443,4002
and I did forward these ports to one of my servers. but when I try to
telnet any of these port I get no anserw at all or when I try to
access my server (SBS 2003) with remote desktop (port 4002)no
connection is made.
I send you a copy of the router configuration,maybe some of you can
see some mistake in it.
Please let me know where is the problem. ( I did change the IP's for
security reson).

myrouter#sh run
Building configuration...

Current configuration : 4694 bytes
!
version 12.4
no parser cache
service nagle
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mydomain
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$QRTEUHN$Sb83SiFXpstr562NA/1iQZ/
950
!
aaa new-model
!
!
aaa authentication login userauthen
local
aaa authorization network groupauthor
local
!
aaa session-id common
!
resource policy
!
no ip source-route
ip cef
!
!
!
!
ip tcp mss 1400
no ip domain lookup
ip domain name mydomain.com
ip inspect name myfw cuseeme timeout
3600
ip inspect name myfw http timeout
3600
ip inspect name myfw rcmd timeout
3600
ip inspect name myfw realaudio timeout
3600
ip inspect name myfw tftp timeout
30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout
3600
ip inspect name myfw h323 timeout
3600
!
!
!
username johndo secret 5 $1$LJB.$ty/
MZ6auSm3khkhAIMGeTsF/
username test secret 5 $1$ub5k$b/
nmlDv4eMdRpKertyueEDL1
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
authentication pre-share
group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group
groepje1
key 427sieb1
pool ippool
!
!
crypto ipsec transform-set transset1 esp-3des esp-md5-
hmac
!
crypto dynamic-map dynmap 10
set transform-set transset1
!
!
crypto map crypmap1 client authentication list
userauthen
crypto map crypmap1 isakmp authorization list
groupauthor
crypto map crypmap1 client configuration address
respond
crypto map crypmap1 20 ipsec-isakmp dynamic
dynmap
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
no atm ilmi-keepalive
pvc 0 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.0.190
255.255.255.0
ip access-group 102 in
ip nat insi
ip inspect myfw in
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
hold-queue 100 out
!
interface Dialer1
ip address negotiated
ip access-group 113 in
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username j...@xs4all.net password 7
66141601034200555953
crypto map crypmap1
!
ip local pool ippool 192.168.10.100
192.168.10.110
ip route 0.0.0.0 0.0.0.0 Dialer1
permanent
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.0.0.56 7 interface Dialer1
7
ip nat inside source static udp 10.0.0.56 7 interface Dialer1
7
ip nat inside source route-map nonat interface Dialer1
overload
ip nat inside source static tcp 10.0.0.190 22 interface Dialer1
22
ip nat inside source static tcp 10.0.0.180 25 interface Dialer1
25
ip nat inside source static tcp 10.0.0.180 443 interface Dialer1
443
ip nat inside source static tcp 10.0.0.180 110 interface Dialer1
110
ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1
4002
!
access-list 23 permit 82.66.199.22
access-list 23 permit 212.222.20.0
0.0.0.255
access-list 23 permit 10.0.0.0
0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255
any
access-list 102 permit ip 192.168.10.0 0.0.0.255
any
access-list 102 permit esp any any
access-list 105 deny ip 10.0.0.0 0.0.0.255 192.168.10.0
0.0.0.255
access-list 105 permit ip 10.0.0.0 0.0.0.255
any
access-list 112 permit tcp any any eq
smtp
access-list 112 permit tcp any any eq 443
access-list 112 permit tcp any any eq pop3
access-list 112 permit tcp any any eq
4002
access-list 112 permit ip host 82.62.160.105
any
access-list 112 deny ip any any
access-list 113 permit ip 192.168.10.0 0.0.0.255
any
access-list 113 permit esp any any
access-list 113 permit udp any any eq
isakmp
access-list 113 permit tcp host 82.66.199.22 any eq 22
access-list 113 permit tcp 213.222.20.224 0.0.0.7 any eq 22
access-list 113 permit tcp host 193.172.44.45 eq tftp-data any
access-list 113 permit tcp host 194.151.107.40 eq tftp-data any
access-list 113 permit tcp host 194.151.107.44 eq tftp-data any
access-list 113 permit icmp any any
access-list 113 permit tcp any any eq echo
access-list 113 permit udp any any eq echo
access-list 113 deny ip any any
access-list 115 permit ip any any
access-list 115 permit esp any any
dialer-list 1 protocol ip permit
!
!
!
route-map nonat permit 10
match ip address 105
!
!
control-plane
!
!
line con 0
--More--

Re: need help with configuration

am 31.01.2007 18:51:50 von Default User

On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:

>username johndo secret 5 $1$LJB.$ty/
>MZ6auSm3khkhAIMGeTsF/
>username test secret 5 $1$ub5k$b/
>nmlDv4eMdRpKertyueEDL1

I suggest you change your password immediately and not post it in public
again.

Re: need help with configuration

am 31.01.2007 19:01:55 von roberson

In article ,
Default User wrote:
>On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:

>>username johndo secret 5 $1$LJB.$ty/
>>MZ6auSm3khkhAIMGeTsF/
>>username test secret 5 $1$ub5k$b/
>>nmlDv4eMdRpKertyueEDL1

>I suggest you change your password immediately and not post it in public
>again.

It doesn't matter. It is type 7 passwords that are easy to crack.
Type 5 passwords are MD5 hashes, and if you know an efficient way to
break MD5 hashes then you have made a major cryptography breakthrough.

http://insecure.org/sploits/cisco.passwords.html

Re: need help with configuration

am 31.01.2007 22:41:38 von Shahin

On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
> In article ,
> Default User wrote:
>
> >On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:
> >>username johndo secret 5 $1$LJB.$ty/
> >>MZ6auSm3khkhAIMGeTsF/
> >>username test secret 5 $1$ub5k$b/
> >>nmlDv4eMdRpKertyueEDL1
> >I suggest you change your password immediately and not post it in public
> >again.
>
> It doesn't matter. It is type 7 passwords that are easy to crack.
> Type 5 passwords are MD5 hashes, and if you know an efficient way to
> break MD5 hashes then you have made a major cryptography breakthrough.
>
> http://insecure.org/sploits/cisco.passwords.html

hey,

if you do not have anserw to other peopel question stop jerking, you
think Iam stupid enough to don't change the pasword hashes before put
it on the net? dream on.
give anserw or shutup please.

Re: need help with configuration

am 31.01.2007 23:42:39 von roberson

In article <1170279698.397542.29450@a75g2000cwd.googlegroups.com>,
shahin wrote:
>On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
>> In article ,
>> Default User wrote:

>> >I suggest you change your password immediately and not post it in public

>> It doesn't matter. It is type 7 passwords that are easy to crack.

>if you do not have anserw to other peopel question stop jerking,

You replied to my posting; could I ask you to clarify whether you
were addressing those remarks to me or to someone else?

Re: need help with configuration

am 01.02.2007 14:48:27 von Shahin

On 31 jan, 23:42, rober...@hushmail.com (Walter Roberson) wrote:
> In article <1170279698.397542.29...@a75g2000cwd.googlegroups.com>,
>
> shahin wrote:
> >On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
> >> In article ,
> >> Default User wrote:
> >> >I suggest you change your password immediately and not post it in public
> >> It doesn't matter. It is type 7 passwords that are easy to crack.
> >if you do not have anserw to other peopel question stop jerking,
>
> You replied to my posting; could I ask you to clarify whether you
> were addressing those remarks to me or to someone else?

Hi Walter,

I am sorry, my remarks was pointed to defult user.

Re: need help with configuration

am 01.02.2007 14:48:38 von Shahin

Re: need help with configuration

am 01.02.2007 16:23:12 von Default User

On Wed, 31 Jan 2007 18:01:55 GMT, roberson@hushmail.com (Walter Roberson)
wrote:

>In article ,
>Default User wrote:
>>On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:
>
>>>username johndo secret 5 $1$LJB.$ty/
>>>MZ6auSm3khkhAIMGeTsF/
>>>username test secret 5 $1$ub5k$b/
>>>nmlDv4eMdRpKertyueEDL1
>
>>I suggest you change your password immediately and not post it in public
>>again.
>
>It doesn't matter. It is type 7 passwords that are easy to crack.
>Type 5 passwords are MD5 hashes, and if you know an efficient way to
>break MD5 hashes then you have made a major cryptography breakthrough.
>
>http://insecure.org/sploits/cisco.passwords.html

It's done all the time with brute force attacks. All you need to do is
match the hash and you've got your password. Cain & Able
http://www.oxid.it/ can do it.

Re: need help with configuration

am 01.02.2007 16:24:40 von Default User

On 1 Feb 2007 05:48:27 -0800, "shahin" wrote:

>On 31 jan, 23:42, rober...@hushmail.com (Walter Roberson) wrote:
>> In article <1170279698.397542.29...@a75g2000cwd.googlegroups.com>,
>>
>> shahin wrote:
>> >On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
>> >> In article ,
>> >> Default User wrote:
>> >> >I suggest you change your password immediately and not post it in public
>> >> It doesn't matter. It is type 7 passwords that are easy to crack.
>> >if you do not have anserw to other peopel question stop jerking,
>>
>> You replied to my posting; could I ask you to clarify whether you
>> were addressing those remarks to me or to someone else?
>
>Hi Walter,
>
>I am sorry, my remarks was pointed to defult user.

In that case; Yes, I think you are stupid.

HAND