Cisco 1941 attack

[Jimmyjoe1975]

Hi,

I have a Cisco 1941 with a Data Line connected to it in my company.
Recently we suffered an attack from the public ip of the data line (I think is not adsl but similar) connected to that router and the attackers acceded to our LAN.
My question is if the Cisco 1941 keep logs of the internet connections so I can trace the ips of the attackers and how can I get the logs?

Thanks

 

[imbadatthis]

if its on the device already you maybe screwed..

show logging should show you what is still on the device itself.

if it is on a syslog then you can start sniffing through there .. if you have time /date it might be more helpful .

what was the attack ? how did they get in ? do you guys not have access-lists at the least ?




We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[Jimmyjoe1975]

Hi,

The logs were not exported to a Server as syslog, the only logs I could have are the ones in the router.
The router is not connected now to internet so could not be any other attack, but i would like to know if I can check any log to know the incoming ip addresses. The attack was somebody from intenet checked all our ports and our Data Line Provider (the one who admin the router) left all the ports opened. Now this provider is saying they haven't any log storage in the Router, and I can believe a router doesn't keep the logs (at least during a time). Are they right? This router doesn't storage logs?

Thanks

 

[imbadatthis]

the router has very small space or very large space depending on what is configured and the router itself .. default i think is around 512 bytes for logging. past that it overwrites itself..
so it might be there, it might not..

Shitty about your ISP, shitty about you getting hacked..
get your own firewall NEVER Trust anyone to have YOUR best interest in mind even when you pay them.


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.