[Dshield] Router Rebootarama

Andrew andrewwilly at gmail.com
Tue Apr 25 14:49:40 GMT 2006


Jon R. Kibler wrote:
> Hello All,
>
> Last week we had an incident when I was on the road where one of our
> (ancient) routers started rebooting at random. At first, I thought
> it was the router simply starting to die. Now, I am beginning to
> think otherwise. The router rebooted 14 times in a 7 hour period of
> time. At first, the reboots were occurring rather rapidly, then slowed
> to the point the last reboot was several hours after the previous
> reboot. It has now been over a week and no more reboots. I should add
> that we have full logging enabled, and the logs never showed any clue
> why the router may have been rebooting.
>
> Thus, I am beginning to suspect that the router was somehow attacked.
> It is running IOS Version 12.1(5)YB3. All external interface ports on
> the router are closed and access attempts to them are logged. The
> internal interface on the router can be accessed from only a single
> very restricted LAN IP and all access, successful or not, is also
> logged.
>
> Any idea what type of attack could cause such behavior?
>
> TIA!
> Jon Kibler

We experienced similar with a 2600 series router. Removing an old
4-port serial module corrected the behavior.

Andrew

