cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3306
Views
10
Helpful
2
Replies
Highlighted
Beginner

Cisco ACS Caller-id says "async"

Hey guys,

I have an ACS in place that is recording Failed attempts on SSH sessions from some of my routers in the field. I noticed that I was getting attacked from different IP addresses trying to logon via SSH. Multiple userID's were being used and it told me the location of the attacker.

That said, recently I went to put ACL's on my WAN interface to block SSH from anyone but my Home Office IP and I noticed that one of the "Caller-ID" fields has "async" as the caller instead of an IP. Can someone tell me what this means?

Thanks in advance.

-Josh

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco ACS Caller-id says "async"

Hi Josh,

you need to check whether this is coming from the known or unknown NAS look for NAS ip address.

Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?

If we look at the Failed logs and we see

Caller-ID = async

NAS-Port = tty0

- tty0 is the console port

then pick the NAS ip and see what is connected to the Console port of the

that device,

It seems like there is something that is causing a noise on console port (tty0).

You can check this by running sh line on that device.

- If it is terminal server, then under line x y, issue the command "no

exec".

HTH

JK

Plz rate helpful posts-

~Jatin Katyal
2 REPLIES 2
Cisco Employee

Re: Cisco ACS Caller-id says "async"

Hi Josh,

you need to check whether this is coming from the known or unknown NAS look for NAS ip address.

Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?

If we look at the Failed logs and we see

Caller-ID = async

NAS-Port = tty0

- tty0 is the console port

then pick the NAS ip and see what is connected to the Console port of the

that device,

It seems like there is something that is causing a noise on console port (tty0).

You can check this by running sh line on that device.

- If it is terminal server, then under line x y, issue the command "no

exec".

HTH

JK

Plz rate helpful posts-

~Jatin Katyal
Beginner

Re: Cisco ACS Caller-id says "async"

That appears to be the problem. Someone plugged a network cable into the console port. Thanks.