Cisco Support Community

New Member

Somebody hacked me!!

PLEASE!!

Can you tell me if I have some open door into my net??

Gdl. Jal. Mex.

I'm using a PIX 515R v. 5.3(1) and my basic configuration is:

Building configuration...
: Saved
:
PIX Version 5.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password
passwd
hostname SDGDLPIX
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
name 192.168.30.101 CORREOS
name 192.168.30.100 SDWEBGDL
name 192.168.1.31 DESARROLLO
name 192.168.1.28 PRODUCCION
name 192.168.1.27 PAQUETE
name 192.168.1.13 NTSERVER
name 192.168.1.41 AMANDA
access-list alin permit tcp any any eq smtp
access-list alin permit tcp any any eq pop3
access-list alin permit tcp any any eq 42
access-list alin permit tcp any any eq domain
access-list alin permit tcp any any eq 143
access-list alin permit tcp any any eq 1512
access-list alin permit ip any any
access-list alin permit udp any any eq nameserver
access-list alin permit udp any any eq 1512
access-list alin permit udp any any eq domain
access-list alin permit tcp any host DESARROLLO range 3200 3400
access-list alin permit tcp any host PRODUCCION range 3200 3400
access-list alin permit tcp any host PAQUETE range 3200 3400
access-list alin permit tcp any host NTSERVER range 3200 3400
access-list alin permit tcp any host AMANDA eq 130
access-list aldm permit tcp any any eq smtp
access-list aldm permit tcp any any eq pop3
access-list aldm permit tcp host CORREOS host A.A.A.A eq 139
access-list aldm permit tcp host CORREOS host A.A.A.A eq 135
access-list aldm permit udp host CORREOS host A.A.A.A eq netbios-ns
access-list aldm permit udp host CORREOS host A.A.A.A eq netbios-dgm
access-list aldm permit tcp any any eq 42
access-list aldm permit tcp any any eq domain
access-list aldm permit tcp any any eq 143
access-list aldm permit tcp any any eq 1512
access-list aldm permit tcp any host SDWEBGDL eq www
access-list aldm permit udp any any eq nameserver
access-list aldm permit udp any any eq domain
access-list aldm permit udp any any eq 1512
access-list aldm permit tcp any host CORREOS eq www
access-list aldm permit tcp any host CORREOS eq 443
access-list aldm permit tcp any host CORREOS eq 995
access-list alou permit tcp any any eq smtp
access-list alou permit tcp any any eq pop3
access-list alou permit tcp any any eq 42
access-list alou permit tcp any any eq domain
access-list alou permit tcp any any eq 143
access-list alou permit tcp any any eq 1512
access-list alou permit tcp any host B.B.B.B eq www
access-list alou permit udp any any eq 1512
access-list alou permit udp any any eq domain
access-list alou permit udp any any eq nameserver
access-list alou permit tcp any host C.C.C.C range 3200 3400
access-list alou permit tcp any host D.D.D.D range 3200 3400
access-list alou permit tcp any host E.E.E.E range 3200 3400
access-list alou permit tcp any host A.A.A.A eq www
access-list alou permit tcp any host A.A.A.A eq 443
access-list alou permit tcp any host A.A.A.A eq 995
access-list alou permit tcp any host F.F.F.F range 3200 3400
access-list alou permit tcp any host G.G.G.G eq 130
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside H.H.H.H 255.255.255.192
ip address inside 192.168.1.10 255.255.255.0
ip address dmz 192.168.30.10 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 X.X.X.120-X.X.X.125 netmask 255.255.255.192
global (outside) 1 X.X.X.126 netmask 255.255.255.192
global (dmz) 1 192.168.30.120-192.168.30.125 netmask 255.255.255.0
global (dmz) 1 192.168.30.127-192.168.30.250 netmask 255.255.255.0
global (dmz) 1 192.168.30.126 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) A.A.A.A CORREOS netmask 255.255.255.255 0 0
static (dmz,outside) B.B.B.B SDWEBGDL netmask 255.255.255.255 0 0
static (inside,outside) C.C.C.C DESARROLLO netmask 255.255.255.255 0 0
static (inside,outside) D.D.D.D PRODUCCION netmask 255.255.255.255 0 0
static (inside,outside) E.E.E.E PAQUETE netmask 255.255.255.255 0 0
static (inside,outside) F.F.F.F NTSERVER netmask 255.255.255.255 0 0
static (inside,outside) G.G.G.G AMANDA netmask 255.255.255.255 0 0
access-group alou in interface outside
access-group alin in interface inside
access-group aldm in interface dmz
established tcp 135 0 permitto tcp 1024-65535 permitfrom tcp 0
rip inside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 X.X.X.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet 192.168.20.50 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:a8e3bea2d825e1e0f04f991084bd7630
: end

6 REPLIES
New Member

Re: Somebody hacked me!!

Yes.. there are all kinds of ports open: 80, 25, plus more, as I'm sure you know.. If you got hacked, how do you know it did not happen from the inside interface?

Do you have log files? If so, check them & see the data.

New Member

Re: Somebody hacked me!!

Could you tell me what I should do to fix the mistakes in my config??

this situation is new for me!

The person only affected one server in the DMZ! (minimum) and I'm sure they weren't on the inside; can somebody affect us on the inside too??

Please, I'm very glad of your help!

thanks in advance.

New Member

Re: Somebody hacked me!!

There is nothing you can do to your config to stop the intruder except deny their IP address.

The ip audit command works, & an access-list deny.

Make sure you only have the necessary ports open you need to have open for that host in that DMZ or any other interface.

The #1 thing is to make sure you have the actual box locked down with the latest hot fixes and service packs (if it's an MS box) or have the latest security packages installed for a Linux/Sun box, and get rid of any services you do not need.

So make sure you lock down the hosts/servers on the inside first. If that box was compromised, back up the important files, then wipe out the HD on it and start over. You never know what has been installed on that box: it could be an encrypted file that is hidden, and you may miss that initially when checking the box out to see what happened. Just my opinion.

You can be hacked from the inside also; this actually happens more than from the outside. Overall, more malicious attempts happen within the company than from the outside.

New Member

Re: Somebody hacked me!!

I really appreciated your help and suggestions.

Regards.

Ubaldo, Gdl. Jal. Mex.

New Member

Re: Somebody hacked me!!

I also think it is really not a good idea to have so many "permit tcp any any" statements. Like

access-list alou permit tcp any any eq smtp

access-list alou permit tcp any any eq pop3

these allow anyone from the outside to access anything on the inside via smtp and pop3. ?!
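The reply above and the earlier advice to leave only the necessary ports open for each host both come down to the same check: which entries in the posted access-lists permit traffic from any source to any destination, and on which interface they apply. The script below is an added example written for this thread; it is not code from the thread, from Cisco, or from the PIX. It parses access-list and access-group lines in the format the original post uses (a constructed subset of the posted lines is embedded as sample input, with the post's A.A.A.A / B.B.B.B placeholders), reports every any-to-any permit with the interface it is bound to, and shows how to rewrite such an entry to a single destination host. The host names, the "alin/aldm/alou" names and the severity labels are taken from or chosen for this example only.

```python
"""Audit PIX 5.x access-lists for any-to-any permits (added example)."""
from dataclasses import dataclass

# Constructed sample: a subset of the access-list and access-group
# lines from the posted configuration, placeholders as in the post.
SAMPLE_CONFIG = """\
access-list alin permit tcp any any eq smtp
access-list alin permit ip any any
access-list alin permit tcp any host DESARROLLO range 3200 3400
access-list aldm permit tcp host CORREOS host A.A.A.A eq 139
access-list aldm permit tcp any host SDWEBGDL eq www
access-list alou permit tcp any any eq smtp
access-list alou permit tcp any any eq pop3
access-list alou permit udp any any eq domain
access-list alou permit tcp any host B.B.B.B eq www
access-group alou in interface outside
access-group alin in interface inside
access-group aldm in interface dmz
"""


@dataclass
class AclEntry:
    acl: str
    action: str
    proto: str
    src: str
    dst: str
    ports: str   # trailing "eq X" / "range A B", may be empty
    raw: str


@dataclass
class Finding:
    acl: str
    interface: str
    severity: str  # "critical" = ip any any, "broad" = port-limited any any
    line: str


def _take_addr(tokens, i):
    """Consume one PIX address spec at tokens[i]: 'any', 'host X' or 'NET MASK'."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    return f"{tokens[i]}/{tokens[i + 1]}", i + 2


def parse_acl_line(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [ports]'; None if not an ACL line."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        return None
    name, action, proto = tokens[1], tokens[2], tokens[3]
    src, i = _take_addr(tokens, 4)
    dst, i = _take_addr(tokens, i)
    return AclEntry(name, action, proto, src, dst, " ".join(tokens[i:]), line)


def parse_config(text):
    """Return (entries, bindings): ACL entries and an ACL-name -> interface map."""
    entries, bindings = [], {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "access-group" and len(tokens) >= 5:
            bindings[tokens[1]] = tokens[4]      # access-group NAME in interface IF
        elif tokens[0] == "access-list":
            entry = parse_acl_line(line)
            if entry:
                entries.append(entry)
    return entries, bindings


def audit(text):
    """Flag every permit whose source and destination are both 'any'."""
    entries, bindings = parse_config(text)
    findings = []
    for e in entries:
        if e.action != "permit" or e.src != "any" or e.dst != "any":
            continue
        severity = "critical" if e.proto == "ip" else "broad"
        findings.append(Finding(e.acl, bindings.get(e.acl, "unbound"), severity, e.raw))
    return findings


def tighten(line, dst_host):
    """Rewrite an 'any any' permit so only dst_host is reachable on those ports.

    dst_host is the administrator's choice (for an outside ACL, the static
    public address of the one server that should receive that service).
    Lines that are not any-to-any are returned unchanged.
    """
    e = parse_acl_line(line)
    if e is None or e.src != "any" or e.dst != "any":
        return line
    ports = f" {e.ports}" if e.ports else ""
    return f"access-list {e.acl} {e.action} {e.proto} any host {dst_host}{ports}"


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.severity:8}] {f.interface:7} {f.line}")
    print(tighten("access-list alou permit tcp any any eq smtp", "A.A.A.A"))
```

Run against the sample, the audit lists three "broad" entries on the outside ACL (smtp, pop3, domain) and one "critical" entry (permit ip any any) on the inside ACL. The tightened form of the outside smtp line is "access-list alou permit tcp any host A.A.A.A eq smtp", which only reaches the host behind the static for A.A.A.A; the same rewrite applies to each flagged line, using the static address of the server that actually provides the service.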

New Member

Re: Somebody hacked me!!

Can somebody damage me through these open ports in my config??

For example, view information or change it on the inside??

Should I change the second any to my single hosts and nets??

Is this what you wanted to say?

I hope for your response, thanks in advance....

Gdl. Jal. Mex.

181 Views, 0 Helpful, 6 Replies