Hi guys,
We have a security problem with our ISP’s Cisco 2500 router. That is we have an unknown user that comes in through Serial0 WAN port. “show users” command indicates that it is in the list along with our authenticated users. The funny thing is that it uses PPP protocol while our authentic users are in through normal asynch interfaces.
Since it is not a legal user, our RADIUS server (NTTac Plus) generates a lenghy list of failed authentication for “serial0”. The logs also show that it enters and leaves in a matter of seconds for a long period of time, suggesting an automated attack.
Any input would be greatly appreciated.
Regards,
Amin
