cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
478
Views
0
Helpful
4
Replies

CISCO 2821 hacked

strebor44
Level 1
Level 1

Cisco Newbie - know nothing

One of our subsidiary companies has a Cisco 2821 connected to both data and voice providers links. This device is uspported by a thrid party. Recently the device was compromised and a large phone bill was run up with the calls being made from the Cisco 2821. The local maintainer made changes to the 2821 as a result of the compromise (I have details of the cisco config logs before and after the change). My question is - is there ahjyway to interrogate the cisco config to ascertain what secuirty fixes have been applied and when ?

Many thanks for any help you can offer ?

4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

Not that I know of. There's not really "security fixes" in the Cisco environment compared to Windows update. Cisco releases IOS versions to fix issues. You could find out what version you are currently running by doing a sh ver at the command line, but that will only tell you the IOS version you're running. You can also do a sh flash or dir and it will show you the files that are in flash. It's possible that you could have two IOSs stored in flash, and one being an earlier version than the current one. (Not everyone has to delete the current version before updating to the new.)

--John

HTH, John *** Please rate all useful posts ***

Joseph W. Doherty
Hall of Fame
Hall of Fame

If you have a before and after copy of the configs, you can run any common "DIFF" utility to see what has changed.

When the changes happened is more difficult to ascertain without prelimary setup.

h.parsons
Level 3
Level 3

My first question would be whether the 2821 was compromised because of a vulnerability in the version of IOS or was it a lack of security measures enacted on the 2821 thru the configuration.

99.9% of of the time is your latter presumption. Unskilled engineers deploying configurations they have no idea what they do e.g not turning off unused services, etc.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: