Cisco Router Security Problem

By persiantools
Hi guys,
We have a security problem with our ISP's Cisco 2500 router. That is, we have an unknown user that comes in through the Serial0 WAN port. The "show users" command indicates that it is in the list along with our authenticated users. The funny thing is that it uses the PPP protocol while our authentic users are in through normal asynch interfaces.
Since it is not a legal user, our RADIUS server (NTTac Plus) generates a lengthy list of failed authentications for "serial0". The logs also show that it enters and leaves in a matter of seconds for a long period of time, suggesting an automated attack.
Any input would be greatly appreciated.

I thought that model was out!

by areets In reply to Cisco Router Security Pro ...

If you do not use PPP on your E1/T1 serial link, disable it.

It's active by default. Or you could change to a loopback connection.


not yet

by persiantools In reply to I thought that model was ...

We can't throw away PPP. We rely on it.

by ne8906 In reply to Cisco Router Security Pro ...

Notify its ISP along with its MACs and disable logging on that block of IP addresses.
