NetRanger Version 2.2.0 Release Notes
These release notes discuss late changes, enhancements, and upgrade information for NetRanger version 2.2.0.
NetRanger version 2.2.0 has been redesigned and repackaged to make it easy to install, easy to set up, and easy to use. It now consists of a Sensor appliance and a Director software module that installs on top of HP OpenView. The Sensors are based on 400 MHz Intel motherboards and come with one or two processors depending on the interface cards in the box. This motherboard supports the new 100 MHz PCI bus, allowing for faster I/O. The monitoring interface options include Ethernet, Token Ring, Fast Ethernet, Single Attached FDDI, and Dual Attached FDDI. The second control interface is 10/100bT Ethernet. The Sensor is run on the Solaris X86 2.6 operating system. The Director now runs with HP OpenView 5.0 on either Solaris 2.6 or HPUX 10.20.
These release notes summarize the following topics:
These topics are covered in detail in the totally revised NetRanger User Guide.
This section includes the following topics:
Note: Refer to the netranger220-readme.txt file bundled with the NetRanger software for last-minute changes and caveats.
Operating a 2.2.0 Sensor with a 2.1.1 Director is not supported.
Note: It is highly recommended that you upgrade to the 2.2.0 Sensor to take advantage of the latest enhancements.
If you operate a 2.2.0 Director with a 2.1.1 Sensor, keep the following issues in mind:
- The 2.2.0 Director's nrConfigure adds 2.2.0 tokens to the 2.1.1 Sensor's configuration files. These 2.2.0 tokens will be ignored by the 2.1.1 Sensor.
- The 2.2.0 Director's nrConfigure cannot restart 2.1.1 Sensors due to differences in postofficed services. Although the Director does transfer the configuration files, it cannot apply these changes and restart the Sensor. To apply any configuration changes, open a Telnet session to the 2.1.1 Sensor and manually run nrstop and nrstart.
- If you want to use the 2.2.0 nrConfigure with a 2.1.1 Sensor, you will most likely have to enable the fileXferd service on the Sensor.
- To enable this service, Telnet to the Sensor, open the /usr/nr/etc/daemons file in a text editor, either add "nr.fileXferd" to the list of daemons or uncomment the "nr.fileXferd" line, save your changes and exit the editor, and then run nrstop and nrstart from the command line.
- Certain 2.2.0 Director menu functions have no effect on a 2.1.1 Sensor, including:
- Security>Daemons>Restart
- Security>Daemons>Stop
- Security>Daemons>Start
The following are caveats concerning the nrConfigure management tool:
- You cannot run more than one copy of the nrConfigure GUI. Attempting to do so generates error messages.
- If nrConfigure crashes the first time you start it, you can restart the GUI without further problems.
- nrConfigure may freeze if a remote machine it is trying to configure is not reachable. Make sure that the remote machine is communicating on the network, and try again.
If a logfile contains any errors, sapd may not load it into the RDBMS, causing sapd to fail and generate an error. If this happens, follow these steps:
Step 1 Type nrstop to stop the NetRanger services.
Step 2 Type the following command to find the name of the logfile that caused problems:
more /usr/nr/var/messages.sapd
Step 3 Delete the logfile, mentioned in the messages.sapd file, from the /usr/nr/var/new directory.
Step 4 Type nrstart to restart the NetRanger services.
Note: When you restart the NetRanger services, it is very likely that you will have duplicate records in your database.
The Security>Advanced>Shunning>Disable menu function keeps the managed service from communicating with any routers it is controlling. If you invoke this function and then try to implement manual shunning, your commands will not be passed to the router.
Also, any currently shunned networks or hosts will not be removed from the shun list.
This menu function is normally used to temporarily disable the managed service so you can pass configuration commands to the router safely.
Use the Security>Advanced>Shunning>Enable menu function to resume shunning. Rebooting the Sensor also resets the temporary disabling of shunning.
This section discusses the following topics:
If you have an existing 2.1.1 Sensor and would like to upgrade the software to NetRanger version 2.2.0, use Table 1 to guide you in the process.
Table 1: Upgrading a Sensor from 2.1.1 to 2.2.0
| Upgrade to 2.2.0, but keep Solaris 2.5.1*: if you want to keep your configuration files | Upgrade to 2.2.0, but keep Solaris 2.5.1*: if you want to create new configuration files | Upgrade to 2.2.0 and upgrade to Solaris 2.6 |
| --- | --- | --- |
| 4. If the Director has also been upgraded and its configuration files changed, use nrConfigure's Insert Sensor feature to finalize the configuration. | 2. Run sysconfig-sensor on the Sensor. 3. Run sysconfig-director on the Director, and then use nrConfigure's Add Host feature to finalize the Sensor upgrade. | Refer to the "Building a Sensor (Optional)" section of Chapter 3, "Installation and Configuration" in the NetRanger User Guide. If you want to upgrade your Sensor hardware, contact your Cisco Sales representative to order a Sensor appliance, which runs on a customized version of Solaris 2.6. |

*Solaris 2.5.1 is not year 2000 compliant. Be sure to install the Y2K patches for Solaris 2.5.1.
If you have an existing 2.1.1 Director and would like to upgrade the software to NetRanger version 2.2.0, use Table 2 to guide you in the process.
Note: NetRanger on AIX 4.1.x is no longer supported. Contact a Cisco sales representative to migrate to a Solaris or HP-based 2.2.0 Director.
Table 2: Upgrading a Director from 2.1.1 to 2.2.0
If your 2.1.1 Director is:
| Sun Solaris SPARC 2.5.1: keep Solaris 2.5.1 and keep configuration files* | Sun Solaris SPARC 2.5.1: keep Solaris 2.5.1 and create new configuration files* | Sun Solaris SPARC 2.5.1: upgrade to Solaris 2.6 | HP-UX 10.10 |
| --- | --- | --- | --- |
| If you want to keep your configuration files, refer to Chapter 3, "Installation and Configuration" in the NetRanger User Guide. | 2. Run sysconfig-director on the Director. 3. Use nrConfigure to finalize the Director configuration. 4. To upgrade and configure 2.1.1 Sensors, refer to Table 1 of these Release Notes. | 2. Upgrade the operating system to Solaris 2.6. 4. To upgrade and configure 2.1.1 Sensors, refer to Table 1 of these Release Notes. | 2. Upgrade the operating system to HP-UX 10.20. 4. To upgrade and configure 2.1.1 Sensors, refer to Table 1 of these Release Notes. |

*Solaris 2.5.1 is not year 2000 compliant. Be sure to install the Y2K patches for Solaris 2.5.1.
For NetRanger version 2.2.0, NetView for AIX support on the Director and licensing have both been removed.
The Sensor Update contains updates to the signatures list, the Sensor's intrusion detection software, and the Network Security Database (NSDB). This patch is updated periodically.
To obtain the Sensor Update Patch, follow these steps:
Step 1 If you have not already done so, become a CCO member.
To become a CCO member, access the following URL:
http://www.cisco.com/register/
and follow the registration instructions.
Step 2 Access the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/nr22-sensor
Step 3 Log on with your CCO username and password.
Step 4 Download the latest readme and either the Solaris SPARC or Solaris x86 Sensor Update files.
Step 5 For each file, follow the instructions for downloading. You can download via FTP, HTTP, or e-mail.
Step 6 When you have downloaded all the files, use the FTP facility to transfer them to the Sensor.
Step 7 Follow the instructions in the readme file for installing the Sensor update.
For the 2.2.0 release of NetRanger, the following were a top priority:
The following installation enhancement was made for the Sensor:
- Technician Installation---The Sensor has been repackaged as a hardware/software appliance with a simplified setup procedure. The technician will first attach the monitoring and control interfaces to the appropriate points on the network. The technician would then temporarily attach a monitor and keyboard to the Sensor and start the initialization script. This script will prompt for several network-related parameters such as IP address, host name, netmask and then several NetRanger-specific parameters such as host and organization. There are a total of seven questions to answer. In a standard deployment, the security office should provide answers for the technician in advance.
On the Director, the following enhancements were made:
- Simplified install with HP OpenView---Clearly outlined steps and procedures for configuring OpenView and then installing the NetRanger Director.
- Interactive Sensor setup wizard---This new wizard allows the operator to easily connect with a newly installed Sensor. The wizard asks several network-related questions, connects with the new Sensor, and then opens nrConfigure with the default configuration. From this point on the operator can customize the intrusion detection policy and apply it on the new Sensor.
- Full-featured configuration manager (see the following section).
The following enhancements were made to simplify technical support of NetRanger:
- The Sensor appliances have easy to understand part numbers:
- NRS-2E (Ethernet)
- NRS-TR (Token Ring)
- NRS-2FE (Fast Ethernet)
- NRS-SFDDI (Single FDDI)
- NRS-DFDDI (Dual FDDI)
- Optional -DM suffix on the above part numbers indicates device management option (shunning)
- Device management for all network devices is now bundled in a single option package.
- Sensor migrated to a common platform, with the following characteristics:
- Single or Dual 400 MHz Processor
- 100 MHz PCI Bus Monitoring Cards
- Technology Migration Program---Cisco provides a Technology Migration Program that allows customers to trade in older hardware for credit against new purchases. There are three 'levels' of trade in. Each level will be given a certain credit for their Sparc-based Sensor and their Pentium-based Sensor. The three levels of trade-in are:
- Customers who have purchased WheelGroup products prior to the Cisco acquisition effective April 1, 1998.
- Customers that have purchased equipment since the WheelGroup acquisition effective April 1, 1998.
- Customers who wish to upgrade from a software-only purchase to the new 2.2.0 appliance.
- These three trade-in deals will be available until April 30, 1999. Contact your Cisco sales representative for details.
- SmartNet Support allowing all six levels of Cisco support will be available for the Sensors. Software Application Support with Upgrades will be available for the Director.
The following enhancements were made for product usability:
- The NetRanger User Guide was completely reorganized to reflect the new product configuration.
- The nrConfigure tool was changed to offer expanded remote configuration services, including:
- Point and click configuration of Sensors
- Configuration archival and version control
- Sensor recovery tool
- Remote signature updates
- The Network Security Database (NSDB), an HTML-based encyclopedia of network security information, is now available.
- Support for Cisco Routers expanded to the following models: Cisco 1600, Cisco 3600, and Cisco 7200.
- Reduced false positive alarm rate by creating a new RecordOfExcludedNetAddress token (an enhancement of the previous RecordOfExcludedAddress token). The new token allows the user to exclude alarms for entire networks by providing a netmask. The new token also allows the user to exclude alarms based on whether the network address was the source, or destination address for the alarm.
- The RecordOfExcludedAddress token is still supported in NetRanger version 2.2.0.
- System error messages about logging, communication, and other NetRanger services, are now graphically represented on the Director's interface. Users can access the Error information in the same way they can access attack Alarm information.
- NetRanger can now log and alarm on policy violations on a Cisco router via the syslogd service. Users can configure the router to send syslogd log files to the Sensor, which can then pass the information to the Director for alarm display.
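The network-and-role exclusion described for RecordOfExcludedNetAddress can be sketched as follows. This is an added example, not NetRanger code: the NetExclusion and Alarm structures, the sample addresses, and the choice to apply a rule to every signature are assumptions, and the token's real syntax is not shown in these notes.

```python
# Added illustration: network-scoped alarm exclusion in the spirit of
# RecordOfExcludedNetAddress. The rule and alarm structures are hypothetical;
# they are not NetRanger's token syntax or log format.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NetExclusion:
    network: str  # network address, e.g. "192.0.2.0"
    netmask: str  # dotted netmask, e.g. "255.255.255.0"
    role: str     # which alarm address the rule applies to

    def compiled(self):
        """Validate the rule and return the network it covers."""
        if self.role not in ("source", "destination"):
            raise ValueError(f"unknown role: {self.role!r}")
        # strict=True rejects a network address with host bits set;
        # ip_network also rejects non-contiguous netmasks.
        return ipaddress.ip_network(f"{self.network}/{self.netmask}", strict=True)


@dataclass(frozen=True)
class Alarm:
    sig_id: int
    src: str
    dst: str


def filter_alarms(alarms, rules):
    """Return the alarms that no exclusion rule suppresses."""
    compiled = [(rule.role, rule.compiled()) for rule in rules]
    kept = []
    for alarm in alarms:
        excluded = False
        for role, net in compiled:
            # Only the address in the rule's role is compared, so excluding
            # a network as a source does not hide alarms aimed at it.
            addr = alarm.src if role == "source" else alarm.dst
            if ipaddress.ip_address(addr) in net:
                excluded = True
                break
        if not excluded:
            kept.append(alarm)
    return kept


# Constructed sample: 192.0.2.0/24 is an authorized scanner network whose
# sweeps (signature 3001) would otherwise raise false positives.
SCANNER_AS_SOURCE = NetExclusion("192.0.2.0", "255.255.255.0", "source")
CONSTRUCTED_ALARMS = [
    Alarm(3001, "192.0.2.10", "10.1.4.7"),     # scanner sweep: suppressed
    Alarm(3001, "192.0.2.77", "10.1.9.1"),     # second scanner host: suppressed
    Alarm(2153, "203.0.113.5", "192.0.2.10"),  # scanner is the target: kept
    Alarm(3001, "198.51.100.9", "10.1.4.7"),   # unrelated source: kept
]

if __name__ == "__main__":
    for alarm in filter_alarms(CONSTRUCTED_ALARMS, [SCANNER_AS_SOURCE]):
        print(alarm)
```

One netmask rule covers every host on the scanner network, and scoping it to the source role keeps alarms visible when that same network is the target.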
NetRanger version 2.2.0 contains the following new signatures:
- 1103 IP Fragments Overlap---Some TCP/IP implementations of IP fragment reassembly do not properly handle overlapping IP fragments. Teardrop is a widely available attack tool that exploits this vulnerability.
- 2153 Smurf---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 2154 Ping of Death Attack---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3001 TCP Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3003 TCP Frag SYN Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3005 TCP FIN Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3006 TCP Frag FIN Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3010 TCP High Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3011 TCP FIN High Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3012 TCP Frag FIN High Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3015 TCP Null Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3016 TCP Frag Null Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3020 TCP SYN FIN Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3021 TCP Frag SYN FIN Port Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3030 TCP SYN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3031 TCP FRAG SYN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3032 TCP FIN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3033 TCP FRAG FIN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3034 TCP NULL Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3035 TCP FRAG NULL Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3036 TCP SYN FIN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3037 TCP FRAG SYN FIN Host Sweep---This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
- 3106 Mail Spam---Counts number of Rcpt to: lines in a single mail message and alarms after a user-definable maximum has been exceeded (default is 250).
- 3107 Majordomo Execute Attack---A bug in the Majordomo program will allow remote users to execute arbitrary commands at the privilege level of the server.
- 3108 MIME Overflow Bug---Fires when an SMTP mail message has a MIME "Content-" field that is excessively long. The token "MimeContentMaxLen" defines the longest valid header length for MIME Content-... Header tokens. It defaults to 200 and can be set to any value greater than or equal to 76.
- 3109 Q-Mail Length Crash---This signature triggers when an attempt is made to pass an overly long command string to a mail server.
- 3221 WWW cgi-viewsource Attack---Triggers when someone attempts to use the cgi-viewsource script to view files above the HTTP root directory.
- 3222 WWW PHP Log Scripts Read Attack---Triggers when someone attempts to use the PHP scripts mlog or mylog to view files on a machine.
- 3223 WWW IRIX cgi-handler Attack---Triggers when someone attempts to use the cgi-handler script to execute commands.
- 3224 HTTP WebGais---Triggers when someone attempts to use the webgais script to run arbitrary commands.
- 3225 HTTP Gais Websendmail---Triggers when someone attempts to use the script websendmail to read the password file on a machine.
- 3226 WWW Webdist Bug---Triggers when an attempt is made to use the webdist program.
- 3227 WWW Htmlscript Bug---Triggers when an attempt is made to view files above the html root directory.
- 3228 WWW Performer Bug---Triggers when an attempt is made to view files above the html root directory.
- 3229 Website Win-C-Sample Buffer Overflow---This signature triggers when an attempt is made to access the win-c-sample program distributed with WebSite servers.
- 3229 WWW LPerformer Bug---This signature triggers when an attempt is made to access the win-c-sample program distributed with WebSite servers.
- 3230 Website Uploader---This signature triggers when an attempt is made to access the uploader program distributed with WebSite servers.
- 3231 Novell convert---This signature triggers when a user has attempted to use the convert.bas program included with Novell's web server to illegally view files.
- 3232 WWW finger attempt---This signature triggers when an attempt is made to run the finger.pl program via the HTTP server.
- 3233 WWW count-cgi Overflow---This signature triggers when an attempt is made to overflow a buffer in the cgi Count program.
- 3251 TCP Hijacking Simplex Mode---This signature triggers when an attempt is made to overflow a buffer in the cgi Count program.
- 3576 INN Control Message Exploit---This signature triggers when an attempt is made to execute arbitrary commands via the control message.
- 3400 Sunkill---Fires when someone attempts to cause the telnetd server to lock up. This will catch the program known as sunkill.
- 3525 IMAP Authenticate Buffer Overflow---Fires when someone attempts to cause the telnetd server to lock up. This will catch the program known as sunkill.
- 3526 Imap Login Buffer Overflow---Fires when someone attempts to cause the telnetd server to lock up. This will catch the program known as sunkill.
- 3550 POP Buffer Overflow---Fires when someone attempts to cause the telnetd server to lock up. This will catch the program known as sunkill.
- 3600 IOS Telnet Buffer Overflow---Fires when someone attempts to cause the telnetd server to lock up. This will catch the program known as sunkill.
- 3601 IOS Command History Exploit---This signature triggers on an attempt to force a Cisco router to reveal prior users' command history.
- 4002 UDP Flood---This triggers when a large number of UDP packets are directed at a host. This will fire when the Pepsi attack is launched across a protected boundary. This signature is also indicative of a UDP port sweep.
- 4051 Snork---This triggers when a large number of UDP packets are directed at a host. This will fire when the Pepsi attack is launched across a protected boundary. This signature is also indicative of a UDP port sweep.
- 4052 Chargen DoS---This triggers when a large number of UDP packets are directed at a host. This will fire when the Pepsi attack is launched across a protected boundary. This signature is also indicative of a UDP port sweep.
- 4150 Ascend Denial of Service---This signature triggers when an attempt has been made to send a maliciously malformed command to an Ascend router in an attempt to crash the router.
- 6110 RPC RSTATD Sweep---Triggers when RPC requests are made to many ports for the RSTATD program.
- 6111 RPC RUSERSD Sweep---Triggers when RPC requests are made to many ports for the RUSERSD program.
- 6112 RPC NFS Sweep---Triggers when RPC requests are made to many ports for the NFS program.
- 6113 RPC MOUNTD Sweep---Triggers when RPC requests are made to many ports for the MOUNTD program.
- 6114 RPC YPPASSWDD Sweep---Triggers when RPC requests are made to many ports for the YPPASSWDD program.
- 6115 RPC SELECTION_SVC Sweep---Triggers when RPC requests are made to many ports for the SELECTION_SVC program.
- 6116 RPC REXD Sweep---Triggers when RPC requests are made to many ports for the REXD program.
- 6117 RPC STATUS Sweep---Triggers when RPC requests are made to many ports for the STATUS program.
- 6118 RPC ttdb Sweep---This signature triggers on an attempt to access the tooltalk database daemon on multiple ports on a single host.
- 6180 rexd Attempt---Triggers when a call to the rexd program is made. The remote execution daemon is the server responsible for remote program execution. This may be indicative of an attempt to gain unauthorized access to system resources.
- 6190 statd Buffer Overflow---Triggers when a large statd request is sent. This could be an attempt to overflow a buffer and gain access to system resources.
- 6191 RPC.tooltalk Buffer Overflow---This signature fires when an attempt is made to overflow an internal buffer in the tooltalk rpc program.
- 6192 RPC mountd Buffer Overflow---This signature triggers on an attempt to overflow a buffer in the RPC mountd application. This may result in unauthorized access to system resources.
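The checks described for signatures 3106 (Mail Spam) and 3108 (MIME Overflow Bug) can be illustrated over the client side of an SMTP session. This is an added example, not NetRanger's detection engine: the function names and sample session are constructed, and measuring the unfolded "Content-" header line (name plus value) is an assumption about what MimeContentMaxLen counts.

```python
# Added illustration of the checks described for signatures 3106 and 3108.
# The parsing is a simplification written for this example.

RCPT_MAX_DEFAULT = 250          # default maximum from the 3106 description
MIME_CONTENT_MAX_DEFAULT = 200  # MimeContentMaxLen default from 3108
MIME_CONTENT_MAX_FLOOR = 76     # smallest value MimeContentMaxLen accepts


def scan_smtp(client_lines, rcpt_max=RCPT_MAX_DEFAULT,
              mime_content_max_len=MIME_CONTENT_MAX_DEFAULT):
    """Return (sig_id, message_index, detail) tuples for one SMTP session."""
    if mime_content_max_len < MIME_CONTENT_MAX_FLOOR:
        raise ValueError("MimeContentMaxLen must be 76 or greater")
    alarms = []
    msg_index = 0    # 1-based count of MAIL FROM transactions seen
    rcpt_count = 0
    in_data = False
    pending = None   # Content-* header currently being unfolded

    def flush():
        nonlocal pending
        if pending is not None and len(pending) > mime_content_max_len:
            name = pending.split(":", 1)[0]
            alarms.append((3108, msg_index,
                           f"{name} header is {len(pending)} characters"))
        pending = None

    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if in_data:
            if line == ".":                     # end of message data
                flush()
                in_data = False
            elif pending is not None and line[:1] in (" ", "\t"):
                pending += " " + line.strip()   # folded continuation line
            else:
                flush()
                # Simplification: any DATA line starting with "Content-" is
                # treated as a header, which also covers multipart parts.
                if line.lower().startswith("content-"):
                    pending = line
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            msg_index += 1
            rcpt_count = 0
        elif verb == "RSET":
            rcpt_count = 0
        elif verb.startswith("RCPT TO:"):
            rcpt_count += 1
            if rcpt_count == rcpt_max + 1:      # alarm once, when exceeded
                alarms.append((3106, msg_index,
                               f"more than {rcpt_max} recipients"))
        elif verb == "DATA":
            in_data = True
    return alarms


def constructed_session(recipients=251):
    """Constructed sample: two messages sent over one connection."""
    lines = ["HELO relay.example", "MAIL FROM:<a@example.com>"]
    lines += [f"RCPT TO:<user{i}@example.net>" for i in range(recipients)]
    lines += ["DATA", "Subject: hello", "", "body", "."]
    lines += ["MAIL FROM:<b@example.com>", "RCPT TO:<c@example.net>", "DATA",
              "Subject: report",
              "Content-Type: multipart/mixed;",
              "\tboundary=" + "A" * 300,        # oversized folded parameter
              "", "body", ".", "QUIT"]
    return lines


if __name__ == "__main__":
    for alarm in scan_smtp(constructed_session()):
        print(alarm)
```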
Use these release notes in conjunction with the following documents:
- NetRanger User Guide
- Regulatory Compliance and Safety Information for NetRanger
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note: If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.








Posted: Thu Jul 27 09:26:59 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.