need some advice on our cisco routers..
Gayn Winters
gayn.winters at bristolsystems.com
Thu Feb 9 07:57:59 PST 2006
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Chuck Swiger
> Sent: Thursday, February 09, 2006 4:41 AM
> To: Mark Jayson Alvarez
> Cc: freebsd-questions at freebsd.org
> Subject: Re: need some advice on our cisco routers..
>
>
> Mark Jayson Alvarez wrote:
> >> We have a couple of cisco routers. There was one time when
> suddenly we cannot
> > login remotely via telnet. I investigate further and was
> shocked when I found
> > out that there where 16 telnet connections coming from
> outsiders ip addresses. I
> > immediately called our Director(the only cisco certified
> guy in the office) and
> > he begin kicking each of the telnet connections one by one.
> He then replaced
> > every "secret/password" and deleted all unnecessary local
> accounts. However,
> > we're still wondering how those hackers got into the
> system. Now this cisco's
> > aaa is default to a radius server. Since then, outsiders
> have gone away..
> > Perhaps the hackers got one of the router's local accounts,
> and trying to brute
> > force their way to enable mode.
>
> Did you keep careful logs of who was connecting from where so
> someone could
> start tracking things down? Have you contacted your local
> police and FBI, or
> whatever the local equivalent is? (Don't bother unless you
> can claim more than
> $2000 or so in damages, however.)
The last I looked the limit was $5000 for the FBI to accept a complaint;
however, due to manpower limitations, a more realistic limit is well
over $100,000 (aggregate damage for one attacker, multiple victims) for
them even to pay attention. Dealing with the FBI is better these days -
they have some good people now.
-gayn
Bristol Systems Inc.
714/532-6776
www.bristolsystems.com
More information about the freebsd-questions
mailing list