Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
896
Views
3
Helpful
2
Replies

Security hole? undefined user appeared!

Go to solution
Nan Xu
Level 1
Level 1

‎10-31-2014 02:20 PM - edited ‎03-03-2019 07:38 AM

Hi Everyone.

About 4days beofre I meet a very strange thing like the picture 1, there is a undefined user appeared.

I am very sure we have not a user "root".

Even we have a username "root"  we have a acl in the lien vty, this ip address is not in the permit list. how it can login in our device ?

I check the log server I notice there are some ssh log in the log server. (picture 3)

The ios version is picture 2.

I have a some question about this is my device hacked by somebady?  Is there any bug cause this ?  upgrade ios is useful?

Thanks for yours help

regards

Labels:
Preview file
7 KB
Preview file
39 KB
Preview file
18 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph Fischer
Level 1
Level 1

‎11-02-2014 06:20 AM

What I would start with is locking down all vty lines. Change the password and make sure you are using the range command. It could have been you only secured line vty 0.

Then backup your settings and re-flash the rom if your concerned that it has been breached.

I'm not a expert but you can try these steps as your waiting for one. More details would also be helpful.

View solution in original post

2 Replies 2

Go to solution
Joseph Fischer
Level 1
Level 1

‎11-02-2014 06:20 AM

What I would start with is locking down all vty lines. Change the password and make sure you are using the range command. It could have been you only secured line vty 0.

Then backup your settings and re-flash the rom if your concerned that it has been breached.

I'm not a expert but you can try these steps as your waiting for one. More details would also be helpful.

Go to solution
Miroslav Berkov
Level 1
Level 1

‎05-29-2015 02:07 PM

Have a look on Snowden papers, the NSA ordinary use root account to access on some Cisco routers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents