
What to do when the Huawei router is attacked

Some attacks on the Huawei router AR3200 have very obvious characteristics, so it is easy to determine what type of attack they are. When we meet an unknown attack, we need to capture packets to analyze the attack type. The following uses Huawei routers as an example to explain how to do this.
A, Huawei AR Series Router
In the voice view, enter the command VDSM. The prompt "Please input password" is displayed; enter the password to get into the hidden voice view.
1, execute the command h-dsp PCM free to remove previously cached PCM data;
2, execute the command h-dsp PCM x to capture PCM packets, where x is the port number, starting from 0 and numbered consecutively in the order of the analog voice ports;
3, execute the command h-dsp PCM Save to save the PCM data.
Finally, use FTP or TFTP to download the PCM capture from the router. The PCM capture tool can only be used on the analog voice ports FXO and FXS.
B, Huawei R Series Router Huawei AR1220
Enter the super user view
[huawei]super
Input password here
[huawei-supervisor]
The h-dsp PCM [channelNo] command captures 1 minute of PCM data. If you run h-dsp PCM [channelNo] again while the capture is in progress, you will see the size growing. When the capture finishes, a prompt is shown (the red part of the text). The final captured PCM data file size is about 964K; if the file size is too large, the capture has a problem, so please capture again.
The following demonstrates this, using 192.168.1.1 as an example:
[huawei-supervisor]
[huawei-supervisor]h-dsp PCM 0
Channel 0 start capture PCM data packet, addr:0x7cb34b4
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:40488, addr:0x7cb34b4
Please h-dsp PCM free first.
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:77120, addr:0x7cb34b4
Please h-dsp PCM free first.
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:111342, addr:0x7cb34b4
Please h-dsp PCM free first.
4VI: PCM data buffer has been full, stop capturing PCM data.
4VI: Debug PCM error Fail to record packet number.!
Finally, enable the FTP server on the router, log in over FTP from a computer, and use get PCM to download the captured PCM data.
Once we have the capture, we can analyze the characteristics of the attack with software to judge what type of attack it is, adjust the defense strategy, and block the malicious attack.
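An added example, not part of the original post: a Python check that reads the console output of a capture session in the format shown above, confirms that the reported size keeps growing until the buffer-full message, and tests a downloaded file size against the "about 964K" figure. Reading 964K as 964 x 1024 bytes and the 5% tolerance are assumptions, and the function names are illustrative.

```python
import re

# Lines copied from the session shown above.
SAMPLE = """\
[huawei-supervisor]h-dsp PCM 0
Channel 0 start capture PCM data packet, addr:0x7cb34b4
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:40488, addr:0x7cb34b4
Please h-dsp PCM free first.
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:77120, addr:0x7cb34b4
[huawei-supervisor]h-dsp PCM 0
Channel 0 has been capturing PCM data packet, size:111342, addr:0x7cb34b4
4VI: PCM data buffer has been full, stop capturing PCM data.
"""

START = re.compile(r"Channel (\d+) start capture PCM data packet, addr:(0x[0-9a-fA-F]+)")
PROGRESS = re.compile(r"Channel (\d+) has been capturing PCM data packet, size:(\d+), addr:(0x[0-9a-fA-F]+)")
FULL = "PCM data buffer has been full"   # marks the end of the capture
EXPECTED_BYTES = 964 * 1024              # "about 964K" (assumed to mean KiB)
TOLERANCE = 0.05                         # assumption: the article gives no exact bound


def parse_session(text):
    """Summarise one capture session from pasted console output."""
    s = {"channel": None, "addr": None, "sizes": [], "finished": False, "problems": []}
    for line in text.splitlines():
        if m := START.search(line):
            s["channel"], s["addr"] = int(m[1]), m[2]
        elif m := PROGRESS.search(line):
            if int(m[1]) != s["channel"] or m[3] != s["addr"]:
                s["problems"].append("other channel or buffer: " + line)
                continue
            if s["sizes"] and int(m[2]) <= s["sizes"][-1]:
                s["problems"].append("size did not grow: " + line)
            s["sizes"].append(int(m[2]))
        elif FULL in line:
            s["finished"] = True
    if s["channel"] is None:
        s["problems"].append("no capture start line found")
    return s


def size_ok(nbytes):
    """True when a downloaded capture is close to the expected size."""
    return abs(nbytes - EXPECTED_BYTES) <= EXPECTED_BYTES * TOLERANCE
```

Call parse_session() on the pasted console text and size_ok() on the byte size of the file downloaded over FTP; a capture that fails either check should be repeated, as the article advises.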
 
 



lookafterpp in Uncategorized