Auxiliary port - cisco router - Hacked

Discussion in 'Cisco' started by fatah, May 22, 2004.

  1. fatah

    fatah Guest

    Hi all,
    We have 3640 cisco router, connected to internet, IOS version
    12.0(7)T,
    when i enter "show user" command in the router

    129 aux 0 idle 00:47:38 APh-Aug-101-1-1-183<message omitted>
    130* vty that's me of course

    then i enter the "clear line 129" to disconnect it(?) !!!!

    Can someone explain me what happend here, who is connected to the
    auxilary port in my router, there is no cable attached to it (am i
    hacked) ???

    thank you.
     
    fatah, May 22, 2004
    #1
    1. Advertisements

  2. Yes: Someone telnetted to your IP address port 2001 and got the AUX port

    eg: telnet x.x.x.x 2001

    And they attached to the port. If you do not filter high numbered tcp ports
    at the border, this can happen.

    You can fix it by setting

    line aux 0
    transport input none

    or

    line aux 0
    access-class xxx in

    to limit connections to the AUX port (assuming you want to allow AUX port
    attached devices.

    The address 'APh-Aug-101-1-1-183<message omitted>' is the person who
    connected to the AUX port.

    If there is nothing attached to the AUX port, there is no issue. Soneone is
    probably probing high port numbers looking for devices attached to AUX ports
    (like consoles of other devices or modems)

    Recall, the main purpose of an AUX port if to allow users to reach serially
    attached auxillary devices by using telnet/TCP.
     
    Phillip Remaker, May 24, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.