Date: Fri, 10 Feb 2006 02:36:50 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Chuck Swiger" <cswiger@mac.com>, "Mark Jayson Alvarez" <jay2xra@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: RE: need some advice on our cisco routers..
Message-ID: <LOBBIFDAGNMAMLGJJCKNOEGAFDAA.tedm@toybox.placo.com>
In-Reply-To: <43EB384E.7@mac.com>

Cisco's site is pretty big to find anything for a newbie.

If you can implement all the recommendations here:

http://www.dhs.gov/interweb/assetlibrary/NIAC_HardeningInternetPaper_Jan05.pdf

you're way ahead of most networks.

Ted

>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Chuck Swiger
>Sent: Thursday, February 09, 2006 4:41 AM
>To: Mark Jayson Alvarez
>Cc: freebsd-questions@freebsd.org
>Subject: Re: need some advice on our cisco routers..
>
>
>Mark Jayson Alvarez wrote:
>> We have a couple of cisco routers. There was one time when suddenly we
>> could not log in remotely via telnet. I investigated further and was
>> shocked when I found out that there were 16 telnet connections coming
>> from outsiders' IP addresses. I immediately called our Director (the only
>> cisco certified guy in the office) and he began kicking each of the
>> telnet connections one by one. He then replaced every "secret/password"
>> and deleted all unnecessary local accounts. However, we're still
>> wondering how those hackers got into the system. Now this cisco's aaa is
>> defaulted to a radius server. Since then, outsiders have gone away..
>> Perhaps the hackers got one of the router's local accounts, and were
>> trying to brute force their way to enable mode.
>
>Did you keep careful logs of who was connecting from where so someone could
>start tracking things down? Have you contacted your local police and FBI, or
>whatever the local equivalent is? (Don't bother unless you can claim more than
>$2000 or so in damages, however.)
>
>Most importantly, have you contacted Cisco? Asking for security advice about
>their routers here is not the right place to gain such information. cisco.com's
>got a large, informative site....
>
>--
>-Chuck