01-27-2006 09:34 AM - edited 03-09-2019 01:46 PM
I saw this for the first time in Ciscoworks Notification log for my PIX. I know what the command is used for but where is this coming from and why?
ser 'enable_15' executed the 'disable' command. *
2. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 502103 User priv level changed: Uname: enable_1 From: 15 To: 1 *
3. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111008 User 'enable_15' executed the 'pager lines 24' command. *
4. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111005 console end configuration: OK *
5. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111008 User 'enable_15' executed the 'no pager' command. *
6. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111008 User 'enable_15' executed the 'configure t' command. *
7. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111007 Begin configuration: console reading from terminal *
8. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111008 User 'enable_15' executed the 'pager lines 24' command. *
9. PIX1 204.253.220.XX Jan 27 2006 00:32:02 PIX 5 111005 console end configuration: OK
01-31-2006 08:29 AM
See if this URL helps.. according to this, there is a valid config change executed by the user.
what is the IP address on the error messages ? a valid one ??
Regards
Raj
02-28-2006 02:40 PM
The problem is, I did not login and make any changes. No one else has access to this PIX. Am I getting hacked?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: