Date: Thu, 9 Feb 2006 08:00:00 -0800
From: "Gayn Winters" <gayn.winters@bristolsystems.com>
To: "'Chuck Swiger'" <cswiger@mac.com>, "'Mark Jayson Alvarez'" <jay2xra@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: RE: need some advice on our cisco routers..
Message-ID: <07a301c62d91$e4d6d470$6501a8c0@workdog>
In-Reply-To: <43EB384E.7@mac.com>

> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Chuck Swiger
> Sent: Thursday, February 09, 2006 4:41 AM
> To: Mark Jayson Alvarez
> Cc: freebsd-questions@freebsd.org
> Subject: Re: need some advice on our cisco routers..
>
> Mark Jayson Alvarez wrote:
> > We have a couple of cisco routers. There was one time when suddenly we
> > could not log in remotely via telnet. I investigated further and was
> > shocked when I found out that there were 16 telnet connections coming
> > from outsiders' IP addresses. I immediately called our Director (the
> > only cisco certified guy in the office) and he began kicking each of the
> > telnet connections one by one. He then replaced every "secret/password"
> > and deleted all unnecessary local accounts. However, we're still
> > wondering how those hackers got into the system. Now this cisco's aaa is
> > default to a radius server. Since then, outsiders have gone away..
> > Perhaps the hackers got one of the router's local accounts, and were
> > trying to brute force their way to enable mode.
>
> Did you keep careful logs of who was connecting from where so someone
> could start tracking things down? Have you contacted your local police
> and FBI, or whatever the local equivalent is? (Don't bother unless you
> can claim more than $2000 or so in damages, however.)

The last I looked the limit was $5000 for the FBI to accept a complaint;
however, due to manpower limitations, a more realistic limit is well over
$100,000 (aggregate damage for one attacker, multiple victims) for them
even to pay attention. Dealing with the FBI is better these days - they
have some good people now.

-gayn

Bristol Systems Inc.
714/532-6776
www.bristolsystems.com