paleogryph
MIS
I leave my 806 on most of the time, connected to a cable modem. It is the firewall/gateway for my Linux/Win2k machines. It runs NAT and has ACLs and ip inspects running.
One day I was on my router and typed "show access-list". Out of nowhere there was a permit ACL that I didn't add! It was a permit for a specific public IP for port 8006. I tried to ping the address, but didn't get a response. I shut down my cable modem and restarted Windows. When I got back up and back onto the router, that ACL was gone. What?!?
I looked up that port and it appears to be used with Tomcat. However, I looked in /etc/services on my Linux boxes and 8006 isn't there. I assume someone gained access via vty 0 4 and used some kind of brute-force pw attack, because the pw was pretty gnarly. Since then I added an ACL for vty 0 4 to allow only the internal private network access, and changed the password.
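The vty lockdown described in the post, written out as an added Cisco IOS configuration example (not the poster's own config). It assumes the internal LAN is 192.168.1.0/24 and uses a placeholder username and secret; substitute your own values.

```cisco
! Added example, not the original poster's configuration.
! Assumption: internal LAN is 192.168.1.0/24.
!
! Standard ACL naming the only source network allowed to reach the vty lines.
! The deny line logs anything else, so blocked attempts are visible.
ip access-list standard MGMT-HOSTS
 permit 192.168.1.0 0.0.0.255
 deny   any log
!
! Local account used for vty login (placeholder credentials, change them).
username admin secret CHANGE-ME
!
! access-class filters connections TO the router itself, independently of the
! interface ACLs that filter transit traffic through the NAT/inspect path.
line vty 0 4
 access-class MGMT-HOSTS in
 exec-timeout 5 0
 login local
 ! transport input ssh    (only if the IOS image includes SSH support)
!
! Verification, from privileged EXEC:
!   show access-lists MGMT-HOSTS   - match counters on the deny line
!   show users                     - who is currently logged in
```

Because the router also runs ip inspect (CBAC), `show ip inspect sessions` lists the temporary entries CBAC opens for return traffic; those entries also show up as dynamic lines in `show ip access-lists` and disappear when the session ends, so they are worth checking before concluding an unfamiliar permit entry was added by someone else.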