need some advice on our cisco routers..

Gayn Winters gayn.winters at
Thu Feb 9 07:57:59 PST 2006

> [mailto:owner-freebsd-questions at] On Behalf Of Chuck Swiger
> Sent: Thursday, February 09, 2006 4:41 AM
> To: Mark Jayson Alvarez
> Cc: freebsd-questions at
> Subject: Re: need some advice on our cisco routers..
> Mark Jayson Alvarez wrote:
> >> We have a couple of cisco routers. There was one time when 
> suddenly we cannot 
> > login remotely via telnet. I investigate further and was 
> shocked when I found
> > out that there where 16 telnet connections coming from 
> outsiders ip addresses. I
> > immediately called our Director(the only cisco certified 
> guy in the office) and
> > he begin kicking each of the telnet connections one by one. 
> He then replaced
> > every "secret/password" and deleted all unnecessary local 
> accounts. However,
> > we're still wondering how those hackers got into the 
> system. Now this cisco's
> > aaa is default to a radius server. Since then, outsiders 
> have gone away..
> > Perhaps the hackers got one of the router's local accounts, 
> and trying to brute
> > force their way to enable mode.
> Did you keep careful logs of who was connecting from where so 
> someone could
> start tracking things down?  Have you contacted your local 
> police and FBI, or
> whatever the local equivalent is?  (Don't bother unless you 
> can claim more than
> $2000 or so in damages, however.)

The last I looked the limit was $5000 for the FBI to accept a complaint;
however, due to manpower limitations, a more realistic limit is well
over $100,000 (aggregate damage for one attacker, multiple victims) for
them even to pay attention. Dealing with the FBI is better these days -
they have some good people now.


Bristol Systems Inc.

More information about the freebsd-questions mailing list