Auxiliary port - cisco router - Hacked

Hi all,
We have 3640 cisco router, connected to internet, IOS version
12.0(7)T,
when i enter "show user" command in the router

129 aux 0 idle 00:47:38 APh-Aug-101-1-1-183<message omitted>
130* vty that's me of course

then i enter the "clear line 129" to disconnect it(?) !!!!

Can someone explain me what happend here, who is connected to the
auxilary port in my router, there is no cable attached to it (am i
hacked) ???

thank you.

 

Yes: Someone telnetted to your IP address port 2001 and got the AUX port

eg: telnet x.x.x.x 2001

And they attached to the port. If you do not filter high numbered tcp ports
at the border, this can happen.

You can fix it by setting

line aux 0
transport input none

or

line aux 0
access-class xxx in

to limit connections to the AUX port (assuming you want to allow AUX port
attached devices.

The address 'APh-Aug-101-1-1-183<message omitted>' is the person who
connected to the AUX port.

If there is nothing attached to the AUX port, there is no issue. Soneone is
probably probing high port numbers looking for devices attached to AUX ports
(like consoles of other devices or modems)

Recall, the main purpose of an AUX port if to allow users to reach serially
attached auxillary devices by using telnet/TCP.