?
Solved

Security breach???

Posted on 2007-10-12
3
Medium Priority
?
277 Views
Last Modified: 2010-04-11
Hello!

On a cisco 2801 i have just one username and this morning i logged in on it and just for fun typed show users
and i got this

    Line       User       Host(s)              Idle       Location
 194 vty 0     finance    idle                 00:00:01
                                                       64.1.26.165.ptr.us.xo.net


3 minutes later i saw this

    Line       User       Host(s)              Idle       Location
 194 vty 0     educationa idle                 00:00:01
                                                       64.1.26.165.ptr.us.xo.net


and they keep on changing.
do you know what is that?
0
Comment
Question by:lyncks
3 Comments
 
LVL 5

Accepted Solution

by:
richy92 earned 1000 total points
ID: 20064752
Could be a brute force attempt from 64.1.26.165 - are they always short time lengths ?
Cisco will show the connection after typing show users - even if the user has not sucessfully authenticated - but is in the process of trying.
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1000 total points
ID: 20064897
Just say no.

You need an ACL on your vty connections. Change the ACL of '10' to something else between 1 and 99 if  that number is already in use:

access-list 10 remark hosts allow to connect to the router
access-list 10 permit a.b.c.d
access-list 10 permit e.f.g.h
access-list 10 permit i.j.k.0 0.0.0.255
access-list 10 deny   any

line vty 0 15
 access-class 10 in
0
 
LVL 1

Author Comment

by:lyncks
ID: 20065615
thanks a lot, did that
didnt know it shows him like that
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question