From: "Ted Mittelstaedt"
To: "Chuck Swiger", "Mark Jayson Alvarez"
Cc: freebsd-questions@freebsd.org
Date: Fri, 10 Feb 2006 02:36:50 -0800
In-Reply-To: <43EB384E.7@mac.com>
Subject: RE: need some advice on our cisco routers..

Cisco's site is pretty big to find anything for a newbie.

If you can implement all the recommendations here:

http://www.dhs.gov/interweb/assetlibrary/NIAC_HardeningInternetPaper_Jan05.pdf

you're way ahead of most networks.

Ted

>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Chuck Swiger
>Sent: Thursday, February 09, 2006 4:41 AM
>To: Mark Jayson Alvarez
>Cc: freebsd-questions@freebsd.org
>Subject: Re: need some advice on our cisco routers..
>
>
>Mark Jayson Alvarez wrote:
>> We have a couple of Cisco routers. There was one time when suddenly we
>> could not log in remotely via telnet. I investigated further and was
>> shocked when I found out that there were 16 telnet connections coming
>> from outsiders' IP addresses. I immediately called our Director (the only
>> Cisco certified guy in the office) and he began kicking each of the
>> telnet connections one by one. He then replaced every "secret/password"
>> and deleted all unnecessary local accounts. However, we're still
>> wondering how those hackers got into the system. Now this Cisco's AAA
>> defaults to a RADIUS server. Since then, outsiders have gone away..
>> Perhaps the hackers got one of the router's local accounts, and were
>> trying to brute force their way to enable mode.
>
>Did you keep careful logs of who was connecting from where so someone could
>start tracking things down? Have you contacted your local police and FBI, or
>whatever the local equivalent is? (Don't bother unless you can claim more than
>$2000 or so in damages, however.)
>
>Most importantly, have you contacted Cisco? Asking for security advice about
>their routers here is not the right place to gain such information. cisco.com's
>got a large, informative site....
>
>--
>-Chuck