OSEC

Re: strange behavior on Cisco 2801

From: Neil Anderson (cleidh_morbtopenworld.com)
Date: Thu Feb 01 2007 - 16:44:01 CST


Hi Marcin,

I would put an access-class on your vty lines to allow ssh only from trusted
hosts. Either that or put an access-list on your outside interface.

Oh, and look up the abuse contact for that domain and report them. It's
probably someone trying a brute force on your ssh server.

HTH

Cheers,
Neil

On Thursday 01 February 2007 19:46, Marcin wrote:
> Hi!
>
> I'm running Cisco IOS software on a 2801 router (C2801-ADVIPSERVICESK9-M),
> Version 12.4(3e), RELEASE SOFTWARE (fc2). I have a few problems and I have
> seen strange behavior: after a few hours the router was not responding,
> no NAT etc. After a restart everything was OK for 10-12 hours.
>
> I have ONLY one user name permitted to log on to the router via ssh: marcin,
> with a non-dictionary password (14 symbols).
>
> I logged on 2 hours ago and used the command "who". I was very surprised,
> because within 1 minute I saw 2 different usernames and NO USERNAME on vty
> 194.
>
> It looks like this:
>
> router#who
>     Line      User         Host(s)   Idle       Location
>     vty 194                idle      00:00:01   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
>   Interface   User   Mode   Idle   Peer Address
>
> router#who
>     Line      User         Host(s)   Idle       Location
>     vty 194   aivankovic   idle      00:00:04   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
>   Interface   User   Mode   Idle   Peer Address
>
> router#who
>     Line      User         Host(s)   Idle       Location
>     vty 194                idle      00:00:01   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
>   Interface   User   Mode   Idle   Peer Address
>
> router#who
>     Line      User         Host(s)   Idle       Location
>     vty 194   aivankovic   idle      00:00:04   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
> router#who
>     Line      User         Host(s)   Idle       Location
>     vty 194                idle      00:00:01   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
>
> router#sh users
>     Line      User         Host(s)   Idle       Location
>     vty 194   akrizan      idle      00:00:40   nt.math.nknu.edu.tw
> *   vty 195   marcin       idle      00:00:00   210-az4-2.acn.waw.pl
>
> What is going on? Have you heard about a similar incident?
>
> Best regards
>
> Marcin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUARcJtPnyMjh8NQaQaAQJqjggAh1j4QbB2X0zomcznDZCm3cD0Rk/62uoN
ou8gNkdyDOKJ8H3awTM8IEKYc3bY7XDP6WPaLpxrCl8Ppe+7Bx4+M0aajtPIuoUu
Ny9qT8TpxK2tNV4JqYl1TmenVXz09dxLTgpSd0UUxLDUFD19rlW9nlWxXc0ivxs6
22IEn4NTJVqCCCYfWdLJ2e/jjQYYQgTa0G9WZNZM/cZ/LJHzIHF+0Xbz8UqcD79w
se9Tr4drbercsOhF8v5PUbXh069Yf8u21zObE4/q5ZRjhhJhqLGu85Rm8ZHZ1hO0
uf3I8WQYsg7Bgh96Q/ZhXohJ2C1ra8JlJmOFvOj/pyNDaz1rnkyruQ==
=GzG2
-----END PGP SIGNATURE-----
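The two measures Neil suggests, written out as an added IOS configuration example (this is not configuration from either poster). It assumes placeholder values: the trusted admin hosts are in 192.0.2.0/24 with one workstation at 192.0.2.10, the outside interface is FastEthernet0/0, and the vty line ranges shown are the ones to be protected on the reader's router.

```cisco
! Added example, not configuration from either poster.
! Assumed placeholders: trusted admin hosts 192.0.2.0/24, admin
! workstation 192.0.2.10, outside interface FastEthernet0/0.
!
! --- Option 1: access-class on the vty lines (Neil's first suggestion) ---
ip access-list standard MGMT-SSH
 remark management sessions only from trusted hosts; log everything else
 permit 192.0.2.10
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! Apply the access-class to EVERY vty range the router has. Marcin's
! output shows sessions on vty 194 and 195, so "line vty 0 4" alone
! would leave most lines unfiltered; "show line" lists the full range.
line vty 0 4
 access-class MGMT-SSH in
 transport input ssh
 exec-timeout 10 0
 login local
line vty 5 15
 access-class MGMT-SSH in
 transport input ssh
 exec-timeout 10 0
 login local
!
! Tighten SSH itself and slow down password guessing:
! after 3 failures within 60 s, refuse logins for 120 s and log it.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
!
! --- Option 2: filter on the outside interface (Neil's alternative) ---
! The destination "any" also blocks SSH transiting to hosts behind NAT;
! narrow it to the router's own outside address if that traffic is wanted.
ip access-list extended OUTSIDE-IN
 remark SSH to the router only from trusted hosts; log other attempts
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 deny   tcp any any eq 22 log
 permit ip any any
!
interface FastEthernet0/0
 description outside
 ip access-group OUTSIDE-IN in
```

After applying either option, `show access-lists MGMT-SSH` (or `OUTSIDE-IN`) shows the hit counters on the deny entries, so guessing attempts from the untrusted host become visible as growing counters and logged denies rather than as usernames cycling in `show users`; `show login` shows whether the login-block quiet period is currently active. Apply the access-class option first from a session on a trusted host, because a mistake in the ACL will lock out remote management.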