Nabil,

I did not bother to backtrack your message, and I am giving you the
benefit of the doubt; however, your message has a distinct smell of
salmon about it. Either that, or my paranoid sense is tingling
(apologies to Spider Man).

First: Get a UPS!

Preferably one that you can lock. Take some hot glue, and glue the
power cord into the router, and into the UPS (do so in such a way you
can tell if the power cord was removed). Put a security tape (like the
"do not cross this line" tape used by the cops) over the power switch on
the router and on the UPS.

(I find it hard to believe that you would have a multi-kilo dollar
router that is not on at least a 100 buck UPS).

That will help detect him/her at the physical layer.

I assume she/he gets in through the console port. Secure it, and
require a password only you know.

Put a modem on the AUX for yourself for OOB management.

Implement a TACACS/RADIUS, and assign this person a username/password.
Track the hell out of it: there are more ways to do this than to choke
a cat.

ACL! ACL! ACL! Use them! If this person is telnetting, lock down your
telnet sessions.

And, of course, you have SNMP! I assume that you have some type of
monitoring software? If so, monitor the router: whenever it goes down,
you should be paged immediately, and have a phone in that room with the
router so that you can call this person and tell them to get out of
there NOW. You should have a second number to their boss, and tell him
about this person. Then you should have a third number to the boss of
the boss.

Good luck catching your "hacker".

Skeptical Charles

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Posted At: Friday, June 16, 2000 6:05 PM
Posted To: cisco
Conversation: Help me catch a Hacker
Subject: Help me catch a Hacker
Greetings,

I've a 7000 router in a remote location and it seems
the local admin is hacking in by using the power outage
excuse. He changes the password by rebooting the
router and peeks around. I'm trying to catch him in
the act or log his activities, any ideas?????

Thanks,
Nabil
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
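
The SNMP monitoring suggested in the reply can be reduced to watching the router's sysUpTime value across polls. The following is an added example, not code from either poster: the function name, the 60-second poll interval, the jitter tolerance and the sample readings are all constructed for illustration.

```python
WRAP = 2 ** 32                   # sysUpTime is a 32-bit TimeTicks counter
TICKS_PER_SEC = 100              # TimeTicks count hundredths of a second
TOLERANCE = 30 * TICKS_PER_SEC   # accepted poll jitter (assumed value)


def find_events(samples):
    """Flag outages and restarts in a series of sysUpTime polls.

    samples: list of (poll_epoch_seconds, ticks), ticks is None when the
    router did not answer. Returns (kind, epoch_seconds) tuples:
    "unreachable" marks the first missed poll of an outage, "reboot"
    carries the boot time estimated from the first reply after a restart.
    """
    events = []
    prev_t = prev_ticks = None
    was_down = False
    for t, ticks in samples:
        if ticks is None:
            if not was_down:
                events.append(("unreachable", t))
            was_down = True
            continue
        was_down = False
        if prev_ticks is not None:
            expected = prev_ticks + (t - prev_t) * TICKS_PER_SEC
            # Circular distance, so the ~497-day counter wrap is not
            # mistaken for a restart.
            d = (ticks - expected) % WRAP
            if min(d, WRAP - d) > TOLERANCE:
                # Uptime does not continue from the last reading.
                events.append(("reboot", t - ticks // TICKS_PER_SEC))
        prev_t, prev_ticks = t, ticks
    return events


# Constructed sample: two good polls, two missed polls, then a reply
# showing only 45 seconds of uptime.
SAMPLE = [
    (1000000, 8_640_000),
    (1000060, 8_646_000),
    (1000120, None),
    (1000180, None),
    (1000240, 4_500),
    (1000300, 10_500),
]

if __name__ == "__main__":
    for kind, when in find_events(SAMPLE):
        print(kind, when)
```

The estimated boot times can then be compared with the site's actual power-outage records; a restart with no matching outage is the event worth a phone call.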