litesout

asked on

Cisco Router Pix help

To anybody who can help:

I have recently set up a network for a client. Full T-1, Cisco 1720 to a PIX 506e. The configs are as follows. What I need is a serious critiquing of the configs to tell me what's good, bad, right and wrong. After the initial config and the machines (4 servers, 6 workstations, 1 laptop) were installed, there was a serious virus/trojan infestation. After cleaning them all (using Trend OfficeScan, DCS, and the Panda Software online scanner) I still run across some anomalies. I get a user account named 'user' created locally on each server at different times. I am not sure if it's because of a hole in the PIX/router or on the LAN. I have changed every password on the LAN except for the PIX and router. Have I been compromised?

The router config is:
-----------------------------
Building configuration...

Current configuration : 1881 bytes
!
version 12.2
service nagle
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname edge_rtr
!
enable secret 5 $1$Pc.i$v.ZxV.TTkIthTnGEQYJ040
enable password 7 020F0A4D0E1401245F5D
!
memory-size iomem 25
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
ip domain-name hostname.com
ip name-server 199.45.32.38
ip name-server 199.45.32.43
!
no ip bootp server
ip cef
!
!
!
interface FastEthernet0
 ip address aa.bb.162.1 255.255.255.224
 no ip proxy-arp
 no ip mroute-cache
 speed auto
 no cdp enable
!
interface Serial0
 ip address aa.bb.65.26 255.255.255.252
 ip access-group hostname1-in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
 ntp disable
 no cdp enable
!
ip default-gateway aa.bb.65.25
ip classless
ip route 0.0.0.0 0.0.0.0 aa.bb.65.25
no ip http server
!
!
ip access-list extended hostname1-in
 deny   udp any range bootps bootpc any
 deny   tcp any eq 135 any
 deny   udp any eq 135 any
 deny   udp any range netbios-ns netbios-dgm any
 deny   tcp any eq 139 any
 deny   tcp any eq 445 any
 deny   tcp any eq 1243 any
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip host 255.255.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 15.255.255.255 any log
 deny   ip 240.0.0.0 7.255.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 permit icmp 199.0.0.0 0.0.0.255 any log
 deny   icmp any any log fragments
 permit ip aa.bb.0.0 0.0.255.255 any
 permit ip any any
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password 7 1067070F00051C0E4840
 login
!
end
--------------------------------------------------------------------------------
The pix config is:
: Saved
: Written by enable_15 at 16:16:12.787 UTC Wed Jul 28 2004
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password vKU22tiP2nEzKS/8 encrypted
passwd vKU22tiP2nEzKS/8 encrypted
hostname HOSTNAME-Pix
domain-name HOSTNAME.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list toya permit ip any any
access-list core_fw deny tcp any any
access-list core_fw deny udp any any
access-list core_fw deny icmp any any
access-list core_fw permit tcp any host AA.BB.CC.5 eq smtp
access-list core_fw permit tcp any host AA.BB.CC.5 eq pop3
access-list core_fw permit tcp any host AA.BB.CC.5 eq imap4
access-list core_fw permit tcp any host AA.BB.CC.5 eq www
access-list core_fw permit tcp any host AA.BB.CC.5 eq https
access-list core_fw permit tcp any host AA.BB.CC.5 eq 3389
access-list core_fw permit tcp any host AA.BB.CC.7 eq 3389
access-list core_fw permit tcp any host AA.BB.CC.7 eq 1627
access-list core_fw permit tcp any host AA.BB.CC.7 eq www
access-list core_fw permit tcp any host AA.BB.CC.7 eq https
access-list core_fw permit tcp any host AA.BB.CC.7 eq ftp
access-list core_fw permit tcp any host AA.BB.CC.8 eq 3389
access-list core_fw permit tcp any host AA.BB.CC.8 eq ftp
access-list core_fw permit tcp any host AA.BB.CC.8 eq www
access-list core_fw permit tcp any host AA.BB.CC.8 eq 1627
access-list core_fw permit tcp any host AA.BB.CC.8 eq https
access-list core_fw permit tcp any host AA.BB.CC.6 eq 3389
access-list core_fw permit tcp any host AA.BB.CC.2 eq telnet
access-list core_fw permit tcp any host AA.BB.CC.4 eq ftp
access-list core_fw permit tcp any host AA.BB.CC.4 eq www
access-list core-fw permit tcp any host AA.BB.CC.9 eq www
pager lines 24
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
mtu outside 1500
mtu inside 1500
ip address outside AA.BB.CC.2 255.255.255.224
ip address inside 192.168.14.2 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 AA.BB.CC.5-AA.BB.CC.30 netmask 255.255.255.224
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) AA.BB.CC.5 192.168.14.5 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.6 192.168.14.6 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.7 192.168.14.7 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.8 192.168.14.8 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.4 192.168.14.4 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.9 192.168.14.9 netmask 255.255.255.255 0 0
access-group toya in interface outside
route outside 0.0.0.0 0.0.0.0 AA.BB.CC.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http AA.BB.CC.0 255.255.255.224 outside
http AA.BB.CC.0 255.255.255.224 inside
http 192.168.14.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet AA.BB.CC.0 255.255.255.224 outside
telnet 192.168.14.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:58862115ca5fc92a829deceecb499e41
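The following audit script is an added example; it is not from the asker, from the answer thread, or from Cisco. It parses a constructed excerpt of the PIX config above (the AA.BB.CC placeholders are kept as posted) and reports what the posted statements actually do: the ACL bound to the outside interface is `toya` (`permit ip any any`) while `core_fw` is never applied, the `core-fw` line is a separate list because of the hyphen, the three `deny ... any any` entries at the head of `core_fw` would shadow every permit below them if it were applied, and telnet/HTTP management plus the `public` SNMP community are reachable from the outside network. Only PIX 6.x keywords that appear on this page are parsed; everything else is ignored.

```python
import re

# Constructed excerpt of the PIX config posted in the question above; the
# AA.BB.CC placeholders are kept exactly as the asker wrote them.
PIX_CONFIG = """\
access-list toya permit ip any any
access-list core_fw deny tcp any any
access-list core_fw deny udp any any
access-list core_fw deny icmp any any
access-list core_fw permit tcp any host AA.BB.CC.5 eq smtp
access-list core_fw permit tcp any host AA.BB.CC.5 eq 3389
access-list core-fw permit tcp any host AA.BB.CC.9 eq www
static (inside,outside) AA.BB.CC.5 192.168.14.5 netmask 255.255.255.255 0 0
static (inside,outside) AA.BB.CC.9 192.168.14.9 netmask 255.255.255.255 0 0
access-group toya in interface outside
http server enable
http AA.BB.CC.0 255.255.255.224 outside
snmp-server community public
telnet AA.BB.CC.0 255.255.255.224 outside
telnet 192.168.14.0 255.255.255.0 inside
"""


def parse_pix(text):
    """Pull out the handful of PIX 6.x statements this audit reasons about."""
    cfg = {"acls": {}, "groups": {}, "statics": [], "mgmt_outside": [], "snmp": []}
    for line in text.splitlines():
        p = line.split()
        if not p:
            continue
        if p[0] == "access-list" and len(p) > 2:
            cfg["acls"].setdefault(p[1], []).append(p[2:])       # name -> list of ACEs
        elif p[0] == "access-group" and "interface" in p:
            cfg["groups"][p[p.index("interface") + 1]] = p[1]    # interface -> applied ACL
        elif p[0] == "static" and len(p) > 3:
            cfg["statics"].append((p[2], p[3]))                   # (public, private)
        elif p[0] in ("telnet", "http") and len(p) == 4 and p[3] == "outside":
            cfg["mgmt_outside"].append((p[0], p[1], p[2]))
        elif p[0] == "snmp-server" and len(p) > 2 and p[1] == "community":
            cfg["snmp"].append(p[2])
    return cfg


def audit(text):
    """Return a list of human-readable findings for the config text."""
    cfg = parse_pix(text)
    out = []
    # 1. Is the ACL actually bound to an interface a wide-open one?
    for iface, name in cfg["groups"].items():
        aces = cfg["acls"].get(name, [])
        if any(a[:4] == ["permit", "ip", "any", "any"] for a in aces):
            out.append(f"{iface}: applied ACL '{name}' permits ip any any; inbound filtering is effectively off")
            if iface == "outside" and cfg["statics"]:
                hosts = ", ".join(priv for _, priv in cfg["statics"])
                out.append(f"with '{name}' applied, every port on the static-NAT hosts is reachable: {hosts}")
    # 2. ACLs that were written but never bound to an interface.
    for name in sorted(set(cfg["acls"]) - set(cfg["groups"].values())):
        out.append(f"ACL '{name}' is defined but not applied to any interface")
    # 3. Names differing only by '-' vs '_' are almost always a typo that silently splits a list.
    canon = {}
    for name in cfg["acls"]:
        canon.setdefault(re.sub(r"[-_]", "", name).lower(), []).append(name)
    for group in canon.values():
        if len(group) > 1:
            out.append("ACL names differ only by punctuation (probable typo): " + ", ".join(sorted(group)))
    # 4. PIX ACLs are first-match: a 'deny <proto> any any' hides every later permit for that protocol.
    for name, aces in cfg["acls"].items():
        blocked = set()
        for a in aces:
            if a[0] == "deny" and len(a) >= 4 and a[2:4] == ["any", "any"]:
                blocked.add(a[1])
            elif a[0] == "permit" and len(a) > 1 and (a[1] in blocked or "ip" in blocked):
                out.append(f"ACL '{name}': '{' '.join(a)}' is shadowed by an earlier deny {a[1]} any any")
    # 5. Management plane reachable from the Internet side.
    for kw, net, mask in cfg["mgmt_outside"]:
        out.append(f"{kw} management is permitted from the outside network {net} {mask}")
    # 6. Default SNMP community strings.
    for comm in cfg["snmp"]:
        if comm.lower() in ("public", "private"):
            out.append(f"SNMP community '{comm}' is a well-known default")
    return out


if __name__ == "__main__":
    for finding in audit(PIX_CONFIG):
        print("-", finding)
```

Run it against the full `show run` output rather than the excerpt to get the complete picture; the checks are deliberately conservative (first-match shadowing is only reported for `deny <proto> any any`, and only `telnet`/`http` lines ending in `outside` count as management exposure), so anything it reports is worth fixing, but an empty report is not proof the config is sound.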
SOLUTION
grblades