Francisco87
Beginner

Traffic into vty line between LIIN0 and an unknown foreign address

Hi guys,

I have something weird on my C3850 ...

All my vty lines are used by an unknown machine (screenshot below).

I tried some commands like "clear line vty" or "clear tcp bcp ###" etc., but this machine (192.168.1.2) still opens telnet connections between LIIN0 (192.168.1.1) and the foreign address (192.168.1.2) on my vty lines ...

Has anybody here seen this before, and what can I do?

Thanks in advance (sorry for my language and syntax in my first post here ^^)

[Screenshots: line.png, line2.png, line3.png, line4.png, line5.png]

 

 

Jeroen Huysmans
Beginner

Are you running some special stuff on this device?

LIIN = Linux-IOS Internal Network

 

Jeroen

Hi Jeroen,

Thanks for your answer.

My stack is running this version: 03.02.03SE.

Does it mean that there is an attack on my LAN?

How can I fix it?

Thanks a lot

You run a version that matches the affected versions on a 3850. This makes you vulnerable to this bug.

I cannot confirm if you're compromised or not as I have no further knowledge of your network.

 

Please read the bug report and try to verify if it's worth performing an upgrade or not. They also provide a workaround.

 

Jeroen

 

 

Do you have any tips to find the MAC address of this machine (192.168.1.2) with some Cisco command or something else?

NB: I fixed it with an access-list on the vty line, but I'm insightful and would like to know what happened ;)

Thanks Jeroen

Hi,

 

No idea... I don't think the embedded Linux is accessible. That would probably be the place to check the ARP cache for that specific IP and retrieve the MAC.

 

Jeroen
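
Added example (not from the thread or from Cisco): a small Python check that reads `show tcp brief` output and counts, per foreign address, the sessions to the device's Telnet/SSH ports that come from outside an allow-list, which is the same decision a vty access-list encodes. The sample output, the `10.0.0.0/24` management network and the function names are constructed for illustration, and the `address.port` column layout is an assumption about the output format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, laid out like IOS "show tcp brief" (address.port columns).
SAMPLE = """\
TCB       Local Address               Foreign Address             (state)
0A1B2C30  192.168.1.1.23             192.168.1.2.41022           ESTAB
0A1B2D44  192.168.1.1.23             192.168.1.2.41023           ESTAB
0A1B2E58  192.168.1.1.23             192.168.1.2.41024           CLOSEWAIT
0A1B2F6C  10.0.0.1.22                10.0.0.50.53311             ESTAB
0A1B3080  10.0.0.1.49152             10.0.0.9.49                 ESTAB
"""

MGMT_PORTS = {22, 23}  # SSH and Telnet, the services behind the vty lines
# TCB, local addr.port, foreign addr.port, state
ROW = re.compile(r"^\S+\s+(\S+)\.(\d+)\s+(\S+)\.(\d+)\s+(\S+)\s*$")


def vty_sessions(text):
    """Yield (foreign_ip, local_port, state) for sessions to the device's SSH/Telnet ports."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        _local_ip, lport, foreign_ip, _fport, state = m.groups()
        if int(lport) in MGMT_PORTS:
            yield ipaddress.ip_address(foreign_ip), int(lport), state


def unexpected_peers(text, allowed_nets):
    """Count vty sessions per foreign address outside the allowed management networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    counts = Counter()
    for peer, _port, _state in vty_sessions(text):
        if not any(peer in n for n in nets):
            counts[str(peer)] += 1
    return dict(counts)


if __name__ == "__main__":
    # 10.0.0.0/24 is a hypothetical management network.
    for peer, n in unexpected_peers(SAMPLE, ["10.0.0.0/24"]).items():
        print(f"{peer}: {n} vty session(s) from outside the management networks")
```
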