Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RV082 Log file showing authentication failure

Log is showing several attack attempts on our network.

RGFW-RATELIMIT: 1 messages of type BLOCK-SYNFLOOD reported 6 second(s) ago
Sat Mar 13 09:06:12 2010
LOGIN-WBM: Authentication Failure (2010/03/13 09:06:12 Bad login attempt for user: )

RGFW-RATELIMIT: 1 messages of type BLOCK-SYNFLOOD reported 1 second(s) ago
Sat Mar 13 09:06:09 2010

LOGIN-WBM: Authentication Failure (2010/03/13 09:06:06 Bad login attempt for user: )

Sat Mar 13 09:06:05 2010

RGFW-RATELIMIT: 2 messages of type BLOCK-SYNFLOOD reported 4 second(s) ago
Sat Mar 13 09:05:36 2010

As a precaution I changed the admin name and password. Password is now over 10 characters. admin name do not think they would ever guess.

Question-Could this be why we are starting to notice slow downs on our internet?

Second-is there anything we can do to stop some of this?

Third MOST IMPORTANT - Looking to upgrade router to a 10/1000 router. Which router is cisco putting out that has the same security and stable running as this RV082. Love the router and want one that is as good or better. Do not want wireless, and VPN not needed, but if have VPN that is ok.

Everyone's tags (3)
2 REPLIES
New Member

Re: RV082 Log file showing authentication failure

Looks like someone or something is trying to hit your router...  Could be a port scan, or some other attack.  Not really much you can do about it, but at least your router is recognizing this, and blocking it from coming though.  If these scans or whatever they are are happening constantly, it could cause your internet speeds to slow down.

The only thing I can think of the you could try, is to get a new IP address if it is static, or try releasing and renewing your IP if you are receiving a DHCP address.

The replacement for the RV082, or the RV0xx series are the SA520, SA520W, and SA540, which are security appliances/routers.  There are also the SR520 routers that are available in 3 models.  (Ethernet, DSL, T1)    (The SA routers support 10/100/100, the SR routers only support 10/100.)

SA520, SA520W, & SA540 -

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps9932/data_sheet_c78-542899.html

SR520's

http://www.cisco.com/en/US/partner/products/ps9305/products_data_sheets_list.html

Now, since these routers are new, I can't say they are as stable as the RV0xx series at this point, or at least don't have enough data to confirm, but I have no doubt that they will be as the products mature.

Thank you,

Darren

New Member

Re: RV082 Log file showing authentication failure

I have the same issue and have also changed the user id/password.  However, in order to stop such an attack, it would be necessary, it seems to me, to get the IP address of the offending party.  I cannot seem to get that information from the router.

At least one could report that to the domain's authority and theoretically they could match the ongoing attack to the individual host, even via DHCP, allowing them to act against them.  Maybe we could start shutting these jokers down and get an actual prosecution going.  The fact that they are attempting break-ins and wasting significant amounts of our bandwidth should be sufficient cause if one could get a local prosecutor interested.

Perhaps there are other remedies as well, but I'm not a security expert by any stretch of the imagination.

2137
Views
0
Helpful
2
Replies