Date: Thu, 09 Feb 2006 07:40:46 -0500
From: Chuck Swiger <cswiger@mac.com>
To: Mark Jayson Alvarez <jay2xra@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: need some advice on our cisco routers..
Message-ID: <43EB384E.7@mac.com>
In-Reply-To: <20060209060705.45093.qmail@web51606.mail.yahoo.com>
References: <20060209060705.45093.qmail@web51606.mail.yahoo.com>

Mark Jayson Alvarez wrote:
> We have a couple of cisco routers. There was one time when suddenly we cannot
> login remotely via telnet. I investigated further and was shocked when I found
> out that there were 16 telnet connections coming from outsiders' IP addresses. I
> immediately called our Director (the only cisco certified guy in the office) and
> he began kicking each of the telnet connections one by one. He then replaced
> every "secret/password" and deleted all unnecessary local accounts. However,
> we're still wondering how those hackers got into the system. Now this cisco's
> aaa is default to a radius server. Since then, outsiders have gone away..
> Perhaps the hackers got one of the router's local accounts, and trying to brute
> force their way to enable mode.

Did you keep careful logs of who was connecting from where so someone could
start tracking things down?

Have you contacted your local police and FBI, or whatever the local equivalent
is? (Don't bother unless you can claim more than $2000 or so in damages,
however.)

Most importantly, have you contacted Cisco? Asking for security advice about
their routers here is not the right place to gain such information. cisco.com's
got a large, informative site....

-- 
-Chuck