Mark Jayson Alvarez wrote:
> We have a couple of Cisco routers. There was one time when suddenly we could
> not log in remotely via telnet. I investigated further and was shocked when I
> found out that there were 16 telnet connections coming from outsiders' IP
> addresses. I immediately called our Director (the only Cisco certified guy in
> the office) and he began kicking each of the telnet connections one by one.
> He then replaced every "secret/password" and deleted all unnecessary local
> accounts. However, we're still wondering how those hackers got into the
> system. Now this Cisco's AAA is default to a RADIUS server. Since then,
> outsiders have gone away. Perhaps the hackers got one of the router's local
> accounts, and were trying to brute force their way to enable mode.

Did you keep careful logs of who was connecting from where so someone could
start tracking things down?  Have you contacted your local police and FBI, or
whatever the local equivalent is?  (Don't bother unless you can claim more than
$2000 or so in damages, however.)

Most importantly, have you contacted Cisco?  Asking for security advice about
their routers here is not the right place to gain such information.  cisco.com's
got a large, informative site....

-- 
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions