INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Cisco 1941 attack

Cisco 1941 attack

(OP)
Hi,

I have a Cisco 1941 with a Data Line connected to it in my company.
Recently we suffered an attack from the public ip of the data line (I think is not adsl but similar) connected to that router and the attackers acceded to our LAN.
My question is if the Cisco 1941 keep logs of the internet connections so I can trace the ips of the attackers and how can I get the logs?

Thanks

RE: Cisco 1941 attack

if its on the device already you maybe screwed..

show logging should show you what is still on the device itself.

if it is on a syslog then you can start sniffing through there .. if you have time /date it might be more helpful .

what was the attack ? how did they get in ? do you guys not have access-lists at the least ?


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

RE: Cisco 1941 attack

(OP)
Hi,

The logs were not exported to a Server as syslog, the only logs I could have are the ones in the router.
The router is not connected now to internet so could not be any other attack, but i would like to know if I can check any log to know the incoming ip addresses. The attack was somebody from intenet checked all our ports and our Data Line Provider (the one who admin the router) left all the ports opened. Now this provider is saying they haven't any log storage in the Router, and I can believe a router doesn't keep the logs (at least during a time). Are they right? This router doesn't storage logs?

Thanks

RE: Cisco 1941 attack

the router has very small space or very large space depending on what is configured and the router itself .. default i think is around 512 bytes for logging. past that it overwrites itself..
so it might be there, it might not..

Shitty about your ISP, shitty about you getting hacked..
get your own firewall NEVER Trust anyone to have YOUR best interest in mind even when you pay them.

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close