
domain controller attempted hack after router rollout

We just had a Cisco tech roll out a 1721 router. Since then we are having hack attempts that I can trace back to Austria. They are using valid domain accounts (I have a three try and you're out policy) and my accounts keep getting locked out. Any ideas? (I have created a local IP policy to block the offenders, but obviously this would be a never-ending game.)
Asked:
bingboo
3 Solutions
 
0xSaPx0 Commented:
Yes, buy and install a firewall or configure ACLs on your router. There is no reason anyone on the internet should be able to access your server to authenticate via Kerberos or any other standard authentication method.

- SaP -
 
makana Commented:
As 0x said, get a good firewall from Cisco, configure it the way you want, and give it a good, long password. You can, however, get ISA Server (this is software), which has proved so good for firewall purposes.
 
maxinglis Commented:
Sounds like the router is just poorly configured - there shouldn't be much being passed to your local network from the internet. If it's meant to provide remote access to another site, the VPN tunnel isn't configured right. If it's meant to provide remote access for users working from home or off-site, then it again sounds misconfigured, because communications via the VPN client should be secured.

I think you need to get the Cisco tech back and whoop his butt.
 
0xSaPx0 Commented:
If you have it, you can post the router configs (minus the enable secret and enable password lines) and we can take a look at it to get a better idea of how it was set up.

- SaP -
CISSP, CCNA, CCDA, MCSE, CCA, CNA
Security+, Server+, Network+, A+, I-Net+
 
bingboo (Author) Commented:
I will grab the config tomorrow morning and publish it here. Thanks!
 
maxinglis Commented:
Might be prudent to xxx out the first couple of octets of any public IP addresses listed as well :)

Max.
 
bingboo (Author) Commented:
Hi -
Okay, we had a different tech come in and lock everything down. Looks like we are good. We have a Win2000 software VPN off of our DC. I was under the impression that all that needed to be passed through the router was port 1721 (we took all of the defaults in setup). On the clients we get to the point where it says verifying user ID and then get a no response error - so I am assuming that it is trying to come back with a high port and waiting for the client, who is then blocked trying to come back through the high port? Or am I completely off on this one? Either way, can't VPN in. Any ideas?
Thx.
 
bingboo (Author) Commented:
Sorry, meant port 1723.
 
bingboo (Author) Commented:
k - I think I might have found it --- port 47 GRE - if I open that as well, will I be all set?
 
bingboo (Author) Commented:
k - just looked a bit more into this and it is protocol 47 GRE, not port 47 - so I only need port 1723 (no high ports?) - and how do I verify that GRE is enabled on the Cisco 1721?
 
bingboo (Author) Commented:
Ran pptpclnt on a local LAN machine while running pptpsrv on the server. Success. Ran pptpclnt on a client outside of the LAN; pptpsrv did not respond. So my router is most def. not passing GRE to my VPN server. P.S. The whole reason I had to pull in a Cisco tech is that I know abs. nothing about the Cisco 1721, so if someone could be as descriptive as possible on how to verify GRE on the router, and if not passing, how to do so.
 
bingboo (Author) Commented:
Sorry for the long delay. Been in and out of the hospital as my wife just gave birth to my first son. :-)
Created the access lists and I am good. Also using new Cisco guy.
Sorry again.
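
Added example, not part of the original thread: a small Python check of an inbound ACL written in Cisco IOS extended-ACL style, confirming that PPTP gets both TCP 1723 and GRE (IP protocol 47) while Kerberos (TCP 88) stays closed to the internet. The ACL text, the address 203.0.113.10 and every function name are constructed for illustration, and the parser handles only the simple `any`-source rule form shown.

```python
import re

# Constructed sample ACLs; 203.0.113.10 is a documentation address standing in
# for the VPN server (assumption, not taken from the thread).
ACL_TCP_ONLY = """\
permit tcp any host 203.0.113.10 eq 1723
deny ip any any
"""
ACL_PPTP = """\
permit tcp any host 203.0.113.10 eq 1723
permit gre any host 203.0.113.10
deny ip any any
"""
RULE = re.compile(r"^(permit|deny)\s+(ip|tcp|udp|gre)\s+any\s+"
                  r"(any|host\s+(\S+))(?:\s+eq\s+(\d+))?$")

def parse_acl(text):
    """Parse the simplified rule form into (action, proto, dst_host, port)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):      # skip blanks and comments
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, _, host, port = m.groups()
        rules.append((action, proto, host, int(port) if port else None))
    return rules

def permitted(rules, proto, dst, port=None):
    """First matching rule wins; an IOS ACL ends with an implicit deny."""
    for action, r_proto, r_host, r_port in rules:
        if r_proto not in ("ip", proto):          # "ip" matches every protocol
            continue
        if r_host is not None and r_host != dst:
            continue
        if r_port is not None and r_port != port:
            continue
        return action == "permit"
    return False

def audit(text, server):
    rules = parse_acl(text)
    return {
        "pptp_control_tcp_1723": permitted(rules, "tcp", server, 1723),
        "pptp_data_gre_47": permitted(rules, "gre", server),   # GRE has no ports
        "kerberos_tcp_88_exposed": permitted(rules, "tcp", server, 88),
    }

if __name__ == "__main__":
    for name, acl in (("tcp-only", ACL_TCP_ONLY), ("pptp", ACL_PPTP)):
        print(name, audit(acl, "203.0.113.10"))
```

The `tcp-only` ACL reports GRE as blocked, which is the state the thread describes when the outside client got no response from the VPN server.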
