ricks_v
asked on
What are these all files on my Cisco ASA 5505
We have so many Cisco ASA 5505 and 5010 and we are only using them for Lan2Lan Ipsec tunnel.
For some reason, one of our ASA has its flash full of files that I don't recognize.
Also the other day, I tried to telnet to ASA from the LAN side, and my password was rejected for some reason, it keeps saying connection closed by host.
This is what I get when I show flash:
asa5505-RDW# sh flash
Initializing disk0: cache, please wait........Done.
-#- --length-- -----date/time------ path
6 14635008 Feb 16 2008 14:55:36 asa803-k8.bin
7 5623108 Feb 26 2008 23:58:34 asdm-522.bin
8 6851212 Feb 16 2008 14:57:40 asdm-603.bin
11 0 Feb 16 2008 15:01:04 log
12 0 Feb 16 2008 15:01:24 crypto_archive
13 8312832 Feb 27 2008 00:00:34 asa722-k8.bin
20 2864 Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/PortForwarder.po
21 18503 Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/webvpn.po
22 896 Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/banners.po
29 3224 Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/customization.po
30 4481 Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/PortForwarder.po
31 32846 Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/webvpn.po
38 2430 Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/customization.po
39 4149 Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/PortForwarder.po
40 30822 Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/webvpn.po
41 5 Feb 16 2008 15:01:44 csco_config/locale/clean.8.0.done
53 4181246 Feb 16 2008 15:01:36 securedesktop_asa_3_2_1_103.pkg.zip
54 0 Feb 16 2008 15:01:36 sdesktop
55 1462 Feb 16 2008 15:01:36 sdesktop/data.xml
56 3188033 Feb 16 2008 15:01:38 anyconnect-macosx-powerpc-2.1.0148-k9.pkg
57 3148346 Feb 16 2008 15:01:40 anyconnect-macosx-i386-2.1.0148-k9.pkg
58 1955915 Feb 16 2008 15:01:42 anyconnect-win-2.1.0148-k9.pkg
59 3488201 Feb 16 2008 15:01:44 anyconnect-linux-2.1.0148-k9.pkg
What are all these PortForwarder.po, linux.pkg?
I never configured any anyconnect or anything for linux connection.
Do you think it's possible someone has hacked into my ASA?
FYI, all internet ports are open on the ADSL router to the ASA.
I would've thought this is safe as we have a proper ACL, allowing access only for IPsec tunnels.
Let me know what you think.
Thanks in advance.
ASKER
I did sh run on 5 of the rest of the ASAs we have and they all show the same:
Perth-ASA5505# sh flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
6 8515584 Jun 13 2008 15:13:06 asa724-k8.bin
7 4181246 Jun 13 2008 15:14:06 securedesktop-asa-3.2.1.10
8 398305 Jun 13 2008 15:14:24 sslclient-win-1.1.0.154.pk
9 6514852 Jun 13 2008 15:16:14 asdm-524.bin
12 0 Jun 13 2008 15:20:02 crypto_archive
13 8312832 Dec 15 2008 14:51:10 asa722-k8.bin
14 5623108 Dec 15 2008 14:53:14 asdm-522.bin
93515776 bytes available (33595392 bytes used)
The telnet issue is just another weird thing: every time tunnels are dropped, I cannot telnet to the box from LAN site, and this doesn't make sense.
I'll keep the question open for now and will try to run a syslog server; maybe I can catch some interesting logs.
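The comparison made by hand in this thread can be scripted. The following is an added example, not part of the original posts: it parses `show flash` listings, groups files by when they were written, and lists what one unit has that a reference unit does not. All function names are hypothetical, and the sample input is abridged from the two listings above.

```python
import re
from datetime import datetime, timedelta

# One `show flash` entry: index, length, date/time, path.
ENTRY = re.compile(r"^\s*\d+\s+(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}"
                   r"\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s*$")

def parse_show_flash(text):
    """Return {path: (length, written_at)} for each file line in a listing."""
    files = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # prompt, header and "bytes available" lines do not match
            when = datetime.strptime(" ".join(m.group(2).split()), "%b %d %Y %H:%M:%S")
            files[m.group(3)] = (int(m.group(1)), when)
    return files

def write_bursts(files, gap=timedelta(minutes=10)):
    """Group paths written within `gap` of the previous file, oldest first."""
    bursts, last = [], None
    for path, (_, when) in sorted(files.items(), key=lambda kv: kv[1][1]):
        if last is not None and when - last <= gap:
            bursts[-1].append(path)
        else:
            bursts.append([path])
        last = when
    return bursts

def diff_inventories(reference, suspect):
    """Paths only on the suspect unit, and shared paths whose length differs."""
    extra = sorted(set(suspect) - set(reference))
    changed = sorted(p for p in set(suspect) & set(reference)
                     if suspect[p][0] != reference[p][0])
    return extra, changed

# Sample input: lines abridged from the two listings in the thread.
RDW = """asa5505-RDW# sh flash
6 14635008 Feb 16 2008 14:55:36 asa803-k8.bin
7 5623108 Feb 26 2008 23:58:34 asdm-522.bin
13 8312832 Feb 27 2008 00:00:34 asa722-k8.bin
20 2864 Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/PortForwarder.po
59 3488201 Feb 16 2008 15:01:44 anyconnect-linux-2.1.0148-k9.pkg"""
PERTH = """Perth-ASA5505# sh flash
6 8515584 Jun 13 2008 15:13:06 asa724-k8.bin
13 8312832 Dec 15 2008 14:51:10 asa722-k8.bin
14 5623108 Dec 15 2008 14:53:14 asdm-522.bin
93515776 bytes available (33595392 bytes used)"""
print(diff_inventories(parse_show_flash(PERTH), parse_show_flash(RDW)))
```

Matching lengths do not prove matching contents; on the ASA, `verify /md5` on an image file produces a hash that can be compared with the value Cisco publishes for that release.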