Show Users

Unanswered Question
Feb 16th, 2010

Hello guys,

I'm seeing some unknown users in my router when I use the command SHOW USERS.

    Line       User       Host(s)              Idle       Location

706 vty 0     celi    idle                 00:00:04 205.209.X.X

I think they are trying to access my router. This might be diccionary attack. My concern is the CPU of the router, Could this attack affect the CPU and how can I avoid it.

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Tue, 02/16/2010 - 06:45

One user will not affect your CPU. If you had many users trying to exhaust resources by trying to connect yes.

Or if the user succeeded in logging in and enabled debugs on your rouer he could spike the CPU.

I would suggest to set strong passwords.

Use access list to allow only specific ip addresses to have ssh access to your router and enable control plane policing to limit the amount of traffic and resources they can exhaust http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html.

Also try to track down the user's ip address to see where he is from.

I hope it helps.

PK

Actions

This Discussion