12-01-2017 01:58 AM - edited 03-08-2019 12:57 PM
Hi guys,
I have something weird on my C3850 ...
All my vty lines are used by an unknown machine (screenshot below)
I tried some commands like "clear line vty" or "clear tcp bcp ###" etc., but this machine (192.168.1.2) still opens telnet connections between LIIN0 (192.168.1.1) and the foreign address (192.168.1.2) on my vty lines ...
Has anybody here seen this before, and what can I do?
Thanks in advance (sorry for my language and syntax in my first post here ^^)
12-01-2017 02:53 AM
are you running some special stuff on this device?
LIIN = Linux-IOS Internal Network
Jeroen
12-01-2017 03:16 AM
that being said, there seems to be a bug which has many similarities:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuj90227
are you running the listed software releases?
12-01-2017 03:26 AM
Hi Jeroen,
Thanks for your answer.
My stack is running this version: 03.02.03SE..
Does it mean that there is an attack on my LAN?
How can I fix it?
Thanks a lot
12-01-2017 04:17 AM
You run a version that matches the affected versions on a 3850. This makes you vulnerable to this bug.
I cannot confirm if you're compromised or not as I have no further knowledge of your network.
Please read the bug report and try to verify whether it's worth performing an upgrade or not. They also provide a workaround.
Jeroen
12-05-2017 07:56 AM - edited 12-05-2017 08:00 AM
Do you have any tips for finding the MAC address of this machine (192.168.1.2) with some Cisco command or something else?
NB: I fixed it with an access-list on the vty line, but I'm insightful and would like to know what happened ;)
Thanks Jeroen
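A vty access-class of the kind the post above describes, as an added example that is not taken from the thread or from the bug report's workaround. The ACL name VTY-MGMT and the 10.10.10.0/24 management subnet are assumptions, and the SSH-only transport goes beyond what the poster said he configured.

```cisco
! Constructed example: VTY-MGMT and 10.10.10.0/24 are placeholders for
! your own ACL name and management subnet.
ip access-list standard VTY-MGMT
 remark Only the management subnet may open vty sessions
 permit 10.10.10.0 0.0.0.255
 ! Log everything else so refused attempts (for example from
 ! 192.168.1.2) show up in syslog with their source address
 deny   any log
!
line vty 0 4
 access-class VTY-MGMT in
 ! Assumes SSH is already configured and tested; keep telnet in the
 ! transport list until it is, or you can lock yourself out
 transport input ssh
 ! Idle sessions are dropped after 10 minutes, freeing the line
 exec-timeout 10 0
line vty 5 15
 access-class VTY-MGMT in
 transport input ssh
 exec-timeout 10 0
!
! Verify from exec mode afterwards:
!   show access-lists VTY-MGMT   (hit counters on the permit/deny entries)
!   show users                   (which vty lines are in use, and from where)
!   show tcp brief               (remaining TCP sessions to port 23/22)
```

Apply it from a console session or with a second management session open, so a mistake in the permitted subnet does not cut off access.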
12-08-2017 12:38 AM
Hi,
no idea... I don't think the embedded Linux is accessible. That would probably be the place to check the arp-cache for that specific IP and retrieve the MAC.
Jeroen