need some advice on our cisco routers..
Ted Mittelstaedt
tedm at toybox.placo.com
Fri Feb 10 02:38:20 PST 2006
Cisco's site is pretty big to find anything for a newbie.
If you can implement all the recommendations here:
http://www.dhs.gov/interweb/assetlibrary/NIAC_HardeningInternetPaper_Jan0
5.pdf
your way ahead of most networks.
Ted
>-----Original Message-----
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Chuck Swiger
>Sent: Thursday, February 09, 2006 4:41 AM
>To: Mark Jayson Alvarez
>Cc: freebsd-questions at freebsd.org
>Subject: Re: need some advice on our cisco routers..
>
>
>Mark Jayson Alvarez wrote:
>>> We have a couple of cisco routers. There was one time when
>suddenly we cannot
>> login remotely via telnet. I investigate further and was
>shocked when I found
>> out that there where 16 telnet connections coming from
>outsiders ip addresses. I
>> immediately called our Director(the only cisco certified guy
>in the office) and
>> he begin kicking each of the telnet connections one by one.
>He then replaced
>> every "secret/password" and deleted all unnecessary local
>accounts. However,
>> we're still wondering how those hackers got into the system.
>Now this cisco's
>> aaa is default to a radius server. Since then, outsiders have
>gone away..
>> Perhaps the hackers got one of the router's local accounts,
>and trying to brute
>> force their way to enable mode.
>
>Did you keep careful logs of who was connecting from where so
>someone could
>start tracking things down? Have you contacted your local
>police and FBI, or
>whatever the local equivalent is? (Don't bother unless you can
>claim more than
>$2000 or so in damages, however.)
>
>Most importantly, have you contacted Cisco? Asking for
>security advice about
>their routers here is not the right place to gain such
>information. cisco.com's
>got a large, informative site....
>
>--
>-Chuck
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe at freebsd.org"
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.375 / Virus Database: 267.15.3/254 - Release Date: 2/8/2006
>
More information about the freebsd-questions
mailing list