Solved

Good Config for a Cisco SOHO 91 Router

Posted on 2004-09-10
Last Modified: 2013-11-29

Hey all,

I am having an issue with my new router and would GREATLY appreciate any help I can get! First off, I seem to have user accounts created in my router by CRWS that I did not create. Would it appear that I have been hacked?

Next, I would like to get a good config that I can use to secure my router. The current config has the 10.10.10.0 network as allowed, but I do not want that allowed... I am a newbie, so forgive any lack of info... Here is my config, I have removed some info pertaining to my IP... notice the CRWS users that I did not create...

Router>#show running-config
Building configuration...

Current configuration : 4021 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging buffered informational
!
username CRWS_Venky privilege 15 password 7 03400A4F315E276D0A06480A24371B0D557F79777C6461774A51
username CRWS_Gayatri privilege 15 password 7 15565A48337B2D056C3C642D202206025000080003045E564F41
username CRWS_Giri privilege 15 password 7 015757406C5A002E65431F062A2007135A5F557B7D7D7C61657A
username CRWS_Bijoy privilege 15 password 7 00404242330A0D274B2E1D413A3C151646525B5279727570
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 172.16.30.1
!
ip dhcp pool CLIENT
   import all
   network 172.16.30.0 255.255.255.248
   default-router 172.16.30.1
   domain-name ph.cox.net
   lease 0 2
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
!
partition flash 2 6 2
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:172.16.30.1-255.255.255.248
 ip address 172.16.30.1 255.255.255.248 secondary
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip access-group 101 in
 ip nat outside
 ip inspect myfw out
 duplex auto
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip http server
no ip http secure-server
!
access-list 23 permit 172.16.30.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any unreachable
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp any eq bootps any eq bootps
access-list 101 permit udp any eq domain any
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 139
access-list 101 permit udp any any eq netbios-ns
access-list 101 permit udp any any eq netbios-dgm
access-list 101 permit gre any any
access-list 101 deny   ip any any log
access-list 102 permit ip 172.16.30.0 0.0.0.7 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny   ip any any log
no cdp run
route-map icmp deny 10
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

Thank you!
Question by:zargoth3
5 Comments
 
LVL 8

Accepted Solution

by:
MarkDozier earned 125 total points
ID: 12030342
The good news is you have not been hacked. The bad news is you are closing the CRWS sessions incorrectly.

This article does not specifically mention your router but it does apply.

http://www.cisco.com/en/US/products/hw/routers/ps380/products_field_notice09186a00800e9476.shtml

I would also turn off the web server on the router and either console or telnet into the router.
You can safely delete those users without fear.
0
 

Author Comment

by:zargoth3
ID: 12030437
Great! That worked. If there are any "Best Practices" ACLs out there, I would appreciate help with that too.

Thanks for your help!
0
 

Author Comment

by:zargoth3
ID: 12030451
Sorry... How do I go about turning off the web server?

Thanks
0
 
LVL 8

Expert Comment

by:MarkDozier
ID: 12031320
Rtr# config t
Rtr(config)# no http server
Rtr(config)# Ctrl-Z
0
 

Author Comment

by:zargoth3
ID: 12031869
I had just figured out the HTTP server thing when I logged back into the site. My router actually wanted NO IP HTTP SERVER instead of NO HTTP SERVER. Thanks for the info again!
0
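
An added example, not part of the thread and not Cisco's own tooling: a small Python audit that checks a saved running-config for the items discussed above, namely the CRWS_ privilege 15 accounts, an enabled `ip http server`, and the 10.10.10.0 network the asker does not want allowed. The names `audit`, `_in_net` and `unwanted`, and the trimmed sample config, are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: trimmed from the running-config in the question, with the
# password strings replaced by a placeholder.
SAMPLE_CONFIG = """\
username CRWS_Venky privilege 15 password 7 <removed>
username CRWS_Giri privilege 15 password 7 <removed>
interface Ethernet0
 ip address 172.16.30.1 255.255.255.248 secondary
 ip address 10.10.10.1 255.255.255.0
ip http server
no ip http secure-server
access-list 23 permit 172.16.30.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.255
line vty 0 4
 access-class 23 in
"""

def _in_net(token, net):
    try:
        return ipaddress.ip_address(token) in net
    except ValueError:  # not an address: 'dhcp', 'any', 'host', ...
        return False

def audit(config, unwanted="10.10.10.0/24"):
    """Return (check, detail) findings, in config order, for IOS config text."""
    net = ipaddress.ip_network(unwanted)
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # ACL numbers applied with 'access-class N in' (the vty lines in the sample).
    mgmt_acls = {m.group(1) for ln in lines
                 if (m := re.fullmatch(r"access-class (\d+) in", ln))}
    findings = []
    for ln in lines:
        if m := re.match(r"username (CRWS_\S+) privilege 15\b", ln):
            findings.append(("crws-user", m.group(1)))
        elif ln == "ip http server":  # 'no ip http server' does not match
            findings.append(("http-server", ln))
        elif m := re.match(r"access-list (\d+) permit (\S+)", ln):
            if m.group(1) in mgmt_acls and _in_net(m.group(2), net):
                findings.append(("mgmt-acl", ln))
        elif m := re.match(r"ip address (\S+)", ln):
            if _in_net(m.group(1), net):
                findings.append(("interface-addr", ln))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check:15} {detail}")
```

Run it against the output of `show running-config` saved to a file; an empty result means none of the three items is present in that config.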
