[Dshield] Router Rebootarama

Jon R. Kibler Jon.Kibler at aset.com
Tue Apr 25 11:09:57 GMT 2006


Hello All,

Last week we had an incident when I was on the road where one of our
(ancient) routers started rebooting at random. At first, I thought
it was the router simply starting to die. Now, I am beginning to
think otherwise. The router rebooted 14 times in a 7 hour period of
time. At first, the reboots were occurring rather rapidly, then slowed
to the point the last reboot was several hours after the previous
reboot. It has now been over a week and no more reboots. I should add
that we have full logging enabled, and the logs never showed any clue
why the router may have been rebooting.

Thus, I am beginning to suspect that the router was somehow attacked.
It is running IOS Version 12.1(5)YB3. All external interface ports on
the router are closed and access attempts to them are logged. The
internal interface on the router can be accessed from only a single
very restricted LAN IP and all access, successful or not, is also
logged.

Any idea what type of attack could cause such behavior?

TIA!
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214


More information about the list mailing list