> [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Swiger > Sent: Thursday, February 09, 2006 4:41 AM > To: Mark Jayson Alvarez > Cc: freebsd-questions@freebsd.org > Subject: Re: need some advice on our cisco routers.. > > > Mark Jayson Alvarez wrote: > >> We have a couple of cisco routers. There was one time when > suddenly we cannot > > login remotely via telnet. I investigate further and was > shocked when I found > > out that there where 16 telnet connections coming from > outsiders ip addresses. I > > immediately called our Director(the only cisco certified > guy in the office) and > > he begin kicking each of the telnet connections one by one. > He then replaced > > every "secret/password" and deleted all unnecessary local > accounts. However, > > we're still wondering how those hackers got into the > system. Now this cisco's > > aaa is default to a radius server. Since then, outsiders > have gone away.. > > Perhaps the hackers got one of the router's local accounts, > and trying to brute > > force their way to enable mode. > > Did you keep careful logs of who was connecting from where so > someone could > start tracking things down? Have you contacted your local > police and FBI, or > whatever the local equivalent is? (Don't bother unless you > can claim more than > $2000 or so in damages, however.)
The last I looked the limit was $5000 for the FBI to accept a complaint; however, due to manpower limitations, a more realistic limit is well over $100,000 (aggregate damage for one attacker, multiple victims) for them even to pay attention. Dealing with the FBI is better these days - they have some good people now. -gayn Bristol Systems Inc. 714/532-6776 www.bristolsystems.com _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
