From: sascha.lemberg@degussa.com
Date: Sun Nov 28 2004 - 14:56:49 GMT-3
Are some of your components connected via Console-port to an oob-management
? If so, use a no exec on console0 to avoid unneeded errormessages on ACS.
Mit freundlichen Gr|_en / Best regards
Sascha Lemberg
its.on
Global Network Services
T +49.(0)69 218 5663
E-Mail: sascha.lemberg@degussa.com
"mmj"
<groupstudy@users. An: "'Vishal B Patel'" <vishalp@fasttelco.net>, <ccielab@groupstudy.com>
hotpop.com> Kopie:
Gesendet von: Thema: RE: Attack on Authentication Server
nobody@groupstudy.
com
28.11.2004 12:36
Bitte antworten an
"mmj"
I cannot give stright answer but,
To give some directions:
-clean ACS, trough accepted loging method from NAS or user group
-clean NAS, trough accepted loging method from user
find a way in interface/Group/network configuration to accept only needed
Service-Type
Login-TCP-Port
Login-Service
Etc. That should clean logs.
Furthermore explain if you need tacacs or radius for your NAS or user
requirements?
Martijn
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens Vishal B
Patel
Verzonden: zaterdag 13 november 2004 23:12
Aan: 'ccielab@groupstudy.com'
Onderwerp: Attack on Authentication Server
Hello ,
Iam facing a problem with my ACS , I have been using Cisco ACS for users
authentication of the various Routers, Access Servers and DSLAMs
From last fews days I notice that ACS is being flooded by requests for
authentication from the access servers and DSLAMs , when I check the logs
of
failed attempts in ACS , it says the user is trying to login from a aync
connection and for the matter of fact the DSLAMs are not having any
async
connections.
I tried to run Debug Modems and Debug Tacacs events on the DSLAMs ,I can
just see the that Modem is trying to come up on a TTY line and then
TACACS
authentication is trying to happen.
If would be of great help if anyone help me to solve this problem.
Thanks
Vishal
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:50 GMT-3