[c-nsp] Hacking
Jared Mauch
jared at puck.nether.net
Sun Sep 27 09:01:00 EDT 2009
You can syslog these messages remotely as well.
there are numerous ways to create a chain of events that will allow
someone to hide their tracks, the best methods are to null route the
ip of the tacacs, radius or logging server, clearing logs, etc.
- Jared
On Sep 27, 2009, at 8:30 AM, Graham Wooden wrote:
> Well, if they didn't clear your logging buffer, you will see an
> entry like
> this in your log on the router if they went into config mode:
>
> Sep 23 12:25:00.603: %SYS-5-CONFIG_I: Configured from console by
> log_in_username on vty0 (src IP addy)
>
> So, it will show you the username they logged in as and from what IP.
>
> HTH,
>
> -graham
>
>
> On 9/27/09 5:45 AM, "Mohammad Khalil" <eng_mssk at hotmail.com> wrote:
>
>>
>> hey all
>>
>> can i know from the log or using any other method if the router was
>> hacked ??
>>
>> _________________________________________________________________
>> Show them the way! Add maps and directions to your party invites.
>> http://www.microsoft.com/windows/windowslive/products/events.aspx
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list