Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

CISCO 2821 hacked

Cisco Newbie - know nothing

One of our subsidiary companies has a Cisco 2821 connected to both data and voice providers links. This device is uspported by a thrid party. Recently the device was compromised and a large phone bill was run up with the calls being made from the Cisco 2821. The local maintainer made changes to the 2821 as a result of the compromise (I have details of the cisco config logs before and after the change). My question is - is there ahjyway to interrogate the cisco config to ascertain what secuirty fixes have been applied and when ?

Many thanks for any help you can offer ?


Re: CISCO 2821 hacked

Not that I know of. There's not really "security fixes" in the Cisco environment compared to Windows update. Cisco releases IOS versions to fix issues. You could find out what version you are currently running by doing a sh ver at the command line, but that will only tell you the IOS version you're running. You can also do a sh flash or dir and it will show you the files that are in flash. It's possible that you could have two IOSs stored in flash, and one being an earlier version than the current one. (Not everyone has to delete the current version before updating to the new.)


HTH, John *** Please rate all useful posts ***
Super Bronze

Re: CISCO 2821 hacked

If you have a before and after copy of the configs, you can run any common "DIFF" utility to see what has changed.

When the changes happened is more difficult to ascertain without prelimary setup.

Community Member

Re: CISCO 2821 hacked

My first question would be whether the 2821 was compromised because of a vulnerability in the version of IOS or was it a lack of security measures enacted on the 2821 thru the configuration.

Community Member

Re: CISCO 2821 hacked

99.9% of of the time is your latter presumption. Unskilled engineers deploying configurations they have no idea what they do e.g not turning off unused services, etc.

CreatePlease to create content