Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Security hole? undefined user appeared!

Hi Everyone.

About 4days beofre I meet a very strange thing like the picture 1, there is a undefined user appeared.

I am very sure we have not a user "root".

Even we have a username "root"  we have a acl in the lien vty, this ip address is not in the permit list. how it can login in our device ?

I check the log server I notice there are some ssh log in the log server. (picture 3)

The ios version is picture 2.

I have a some question about this is my device hacked by somebady?  Is there any bug cause this ?  upgrade ios is useful?

Thanks for yours help

regards

  • Other Network Infrastructure Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

What I would start with is

What I would start with is locking down all vty lines. Change the password and make sure you are using the range command. It could have been you only secured line vty 0.

Then backup your settings and re-flash the rom if your concerned that it has been breached.

I'm not a expert but you can try these steps as your waiting for one. More details would also be helpful.

2 REPLIES
New Member

What I would start with is

What I would start with is locking down all vty lines. Change the password and make sure you are using the range command. It could have been you only secured line vty 0.

Then backup your settings and re-flash the rom if your concerned that it has been breached.

I'm not a expert but you can try these steps as your waiting for one. More details would also be helpful.

New Member

Have a look on Snowden papers

Have a look on Snowden papers, the NSA ordinary use root account to access on some Cisco routers

496
Views
3
Helpful
2
Replies