Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 1941 attack

Status
Not open for further replies.

Jimmyjoe1975

Technical User
Feb 19, 2008
202
NO
Hi,

I have a Cisco 1941 with a Data Line connected to it in my company.
Recently we suffered an attack from the public ip of the data line (I think is not adsl but similar) connected to that router and the attackers acceded to our LAN.
My question is if the Cisco 1941 keep logs of the internet connections so I can trace the ips of the attackers and how can I get the logs?

Thanks
 
if its on the device already you maybe screwed..

show logging should show you what is still on the device itself.

if it is on a syslog then you can start sniffing through there .. if you have time /date it might be more helpful .

what was the attack ? how did they get in ? do you guys not have access-lists at the least ?




We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Hi,

The logs were not exported to a Server as syslog, the only logs I could have are the ones in the router.
The router is not connected now to internet so could not be any other attack, but i would like to know if I can check any log to know the incoming ip addresses. The attack was somebody from intenet checked all our ports and our Data Line Provider (the one who admin the router) left all the ports opened. Now this provider is saying they haven't any log storage in the Router, and I can believe a router doesn't keep the logs (at least during a time). Are they right? This router doesn't storage logs?

Thanks
 
the router has very small space or very large space depending on what is configured and the router itself .. default i think is around 512 bytes for logging. past that it overwrites itself..
so it might be there, it might not..

Shitty about your ISP, shitty about you getting hacked..
get your own firewall NEVER Trust anyone to have YOUR best interest in mind even when you pay them.


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top