Nipper and Cisco configuration results

Subba Rao castellan2004-nsm at
Fri Apr 3 21:42:38 CDT 2009

I did see a few false positives too with Nipper.  What do you think about Router Audit Tool (RAT) instead?  I downloaded ncat (aka RAT), but it does not have a global configuration file which I can use for all the routers and switches I have.  Any tips on ncat/RAT configuration?  I could not find any examples on using ncat.

Subba Rao

--- On Fri, 4/3/09, Christopher <chrismcc at> wrote:

From: Christopher <chrismcc at>
Subject: Re: Nipper and Cisco configuration results
To: "nanog" <nanog at>
Date: Friday, April 3, 2009, 12:36 PM

On Thu, 2009-04-02 at 15:33 -0700, Subba Rao wrote:
> I am using Nipper for verifying my Cisco configuration.  Nipper is
>  finding the "rlogin" service that is not in the configuration.  I have
>  searched the access lists and do not see it anywhere.  The explanation
>  by Nipper about this finding, "....Telnet protocol implemented by this
>  service...." is confusing.

The problem, IMHO, is nipper.  You might or might not have the rlogin
service enabled, but nipper has so many false positives I find is almost
useless.  In my case, it caught some obvious things I had forgotten to
do, but everything else was useless.  For instance from the nipper
source code:

struct vulnerability report_vuln_ios11 = {9, 0, 0, 12, 4, 0,
                          "CVE-2007-0479", "22208",
                          "IPv4 TCP listener denial of service",
                          true, false,
                          vuln_req_none, false, &report_vuln_ios12};

What the above means to nipper is any IOS version 12.0.x, 12.1.x,
12.2.x, 12.3.x is vulnerable, while every 12.4.x version is OK.  This is
obviously false on *both* counts.

I spent a lot of time trying to explain this to $corporate audit guy
that had never even logged into a router, let alone had to choose a
stable IOS version for 6500/7600 class hardware.

>   Here is the Nipper's output:


> Thank you in advance for any help.
> Subba Rao
Christopher McCrory
 "The guy that keeps the servers running"
chrismcc at
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.

More information about the NANOG mailing list