Cisco ACS Caller-id says "async"

Answered Question
Oct 21st, 2009
User Badges:

Hey guys,


I have an ACS in place that is recording Failed attempts on SSH sessions from some of my routers in the field. I noticed that I was getting attacked from different IP addresses trying to logon via SSH. Multiple userID's were being used and it told me the location of the attacker.


That said, recently I went to put ACL's on my WAN interface to block SSH from anyone but my Home Office IP and I noticed that one of the "Caller-ID" fields has "async" as the caller instead of an IP. Can someone tell me what this means?


Thanks in advance.

-Josh

Correct Answer by Jatin Katyal about 7 years 7 months ago

Hi Josh,


you need to check whether this is coming from the known or unknown NAS look for NAS ip address.


Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?


If we look at the Failed logs and we see


Caller-ID = async

NAS-Port = tty0


- tty0 is the console port

then pick the NAS ip and see what is connected to the Console port of the

that device,


It seems like there is something that is causing a noise on console port (tty0).


You can check this by running sh line on that device.


- If it is terminal server, then under line x y, issue the command "no

exec".


HTH


JK


Plz rate helpful posts-

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jatin Katyal Wed, 10/21/2009 - 12:53
User Badges:
  • Cisco Employee,

Hi Josh,


you need to check whether this is coming from the known or unknown NAS look for NAS ip address.


Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?


If we look at the Failed logs and we see


Caller-ID = async

NAS-Port = tty0


- tty0 is the console port

then pick the NAS ip and see what is connected to the Console port of the

that device,


It seems like there is something that is causing a noise on console port (tty0).


You can check this by running sh line on that device.


- If it is terminal server, then under line x y, issue the command "no

exec".


HTH


JK


Plz rate helpful posts-

Joshua Engels Wed, 10/21/2009 - 13:18
User Badges:

That appears to be the problem. Someone plugged a network cable into the console port. Thanks.


Actions

This Discussion