
Hackers or corrupt IOS....

Status
Not open for further replies.

jamin123

IS-IT--Management
Feb 28, 2002
Lately, every few days I am locked out of my 2514 router, which is connected to my cable modem and LAN. After resetting the password I lose all config, and I noticed the config-reg is mysteriously set to 0x141 and the router boots into ROMmon, i.e., Router(boot)>

I am in the process of building a Linux Firewall for my Lab.

 
Well for one, since that box is on your LAN, is it your NAT box? Also, if it is, do you have an access-list on the vty's? You could also do a "sh line" to view the history usage of the lines...


BuckWeet
 
It is my NAT box. I've got all kinds of access-lists, CAR and CBAC ip inspect. They seem to crack my enable secret and always lock me out. Once even the router name was changed.

I am running IP/FW IOS.
 
You obviously have a problem.
I would wipe the router's config, new passwords,
reflash it if you have a backup and reconfigure.

What services is this router offering?
 
Sounds like you need to make better access-lists on the vty terminals, and also make sure there is a password on the aux and console ports (not sure if this is for personal use at home or at a business). Also come up with better enable secret passwords, because that password is not possible to crack (from my knowledge); I've never seen password crackers for it, but I have for the normal level 7 passwords. Make better passwords for the vtys as well, and make sure it's a different password from the enable secret. Also, make sure SNMP isn't enabled; if it is, assign an access-list so that only internal machines get access to it, same for the vtys. Make sure that they aren't getting in through an internal machine as well.

Hope this helps

BuckWeet
 
If they hack you::
you are offering some braindead service
you have easily guessable passwords
they have trojaned your ios.

Don't take half measures now.
Reinstall.
 
Double check that you have the command "no ip http server". Cisco will allow web access to the device through a browser, and it is pretty easy to crack.
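
The checklist in the two replies above (access-class on the vtys, a password or local login on con/aux, an enable secret rather than a type 7 enable password, an access-list on the SNMP community, and an explicit "no ip http server") can be turned into a config audit. The script below is an added example and is not code from the thread or from Cisco: the two running-configs are constructed (hostname and addresses are made up), the "weak" one models a 2514 NAT box as described by the original poster, and the type 7 decoder uses the well-known fixed XOR key that explains why "level 7" passwords are crackable while the MD5-based enable secret is not.

```python
"""Audit a Cisco IOS running-config for the weaknesses discussed in this thread.

Added example; the configs below are constructed for illustration.
"""
import re

# Cisco type 7 is a fixed-key XOR, not encryption; this is the well-known key.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Constructed: roughly what a 2514 on default settings might look like.
WEAK_CONFIG = """\
hostname jupiter9
enable password 7 0822455D0A16
snmp-server community public RO
line con 0
line aux 0
line vty 0 4
 password 7 0822455D0A16
 login
"""

# Constructed: same box after applying the advice in the thread.
# The $1$ hash is a placeholder, not a real enable secret.
HARDENED_CONFIG = """\
hostname jupiter9
service password-encryption
enable secret 5 $1$placeholder$hashgoeshere
username admin secret 5 $1$placeholder$hashgoeshere
no ip http server
access-list 10 permit 192.168.1.0 0.0.0.255
snmp-server community not-public RO 10
line con 0
 login local
line aux 0
 login local
line vty 0 4
 access-class 10 in
 login local
"""


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 password: 2-digit decimal key offset, then hex of (byte XOR key)."""
    offset = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    plain = bytes(c ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, c in enumerate(body))
    return plain.decode()


def _line_blocks(config: str) -> dict:
    """Collect 'line con 0' / 'line aux 0' / 'line vty 0 4' stanzas as {name: [subcommands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # back at top level, stanza is over
    return blocks


def audit(config: str) -> list:
    """Return one human-readable finding per weakness; an empty list means clean."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]

    # On these IOS trains the HTTP server is on unless explicitly disabled,
    # so only the disabling command ever shows up in the config.
    if "no ip http server" not in lines:
        findings.append("ip http server is enabled (add 'no ip http server')")
    if not any(l.startswith("enable secret") for l in lines):
        findings.append("no 'enable secret' configured (enable password is type 7 at best)")
    for l in lines:
        m = re.search(r"password 7 ([0-9A-Fa-f]+)$", l)
        if m:
            findings.append(f"type 7 password recoverable: {l.strip()!r} -> {decode_type7(m.group(1))!r}")
        m = re.match(r"snmp-server community (\S+)(?: (RO|RW))?(?: (\d+))?$", l)
        if m and m.group(3) is None:
            findings.append(f"SNMP community {m.group(1)!r} has no access-list")
    for name, subs in _line_blocks(config).items():
        if not any(s.startswith(("password ", "login local", "login authentication")) for s in subs):
            findings.append(f"line {name} has no password or local login")
        if name.startswith("vty") and not any(s.startswith("access-class") for s in subs):
            findings.append(f"line {name} has no access-class restricting who may telnet in")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg) or ["no findings"]:
            print("  " + f)
```

Run it against the output of "show running-config" saved to a file by replacing the constructed strings; the type 7 decoder is there to make the point concrete, since any line or enable password stored as type 7 should be treated as already known to whoever read the config.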
 
no ip http server! Thank you. It took me a few weeks to finally figure it out.
 
Hmm,
just tried that command.

jupiter9#sh line
   Tty Typ     Tx/Rx    Uses  Noise  Overruns  Int
     0 CTY               0      0      0/0     -
*    1 VTY              70      0      0/0     -
     2 VTY              31      0      0/0     -
     3 VTY               1      0      0/0     -

Gets me a little worried. Am I always using the same vty
when I'm telnetting?
Can I clear those counters?
Changed password and enable local; it will be that bit
harder to hack if this is the case.
 