Question : Good Config for a Cisco SOHO 91 Router

Hey all,

I am having an issue with my new router and would GREATLY appreciate any help I can get! First off, I seem to have user accounts created in my router by CRWS that I did not create. Would it appear that I have been hacked?

Next, I would like to get a good config that I can use to secure my router. The current config has the 10.10.10.0 network as allowed, but I do not what that allowed... I am a newbie, so forgive any lack of info.... Here is my config, I have removed some info pertaining to my IP... notice the CRWS users that I did not create...

Router>#show running-config
Building configuration...

Current configuration : 4021 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging buffered informational
!
username CRWS_Venky privilege 15 password 7 03400A4F315E276D0A06480A24371B0D557F
79777C6461774A51
username CRWS_Gayatri privilege 15 password 7 15565A48337B2D056C3C642D2022060250
00080003045E564F41
username CRWS_Giri privilege 15 password 7 015757406C5A002E65431F062A2007135A5F5
57B7D7D7C61657A
username CRWS_Bijoy privilege 15 password 7 00404242330A0D274B2E1D413A3C15164652
5B5279727570
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 172.16.30.1
!
ip dhcp pool CLIENT
import all
network 172.16.30.0 255.255.255.248
default-router 172.16.30.1
domain-name ph.cox.net
lease 0 2
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
!
partition flash 2 6 2
!
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:172.16.30.1-255.255.
255.248
ip address 172.16.30.1 255.255.255.248 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address dhcp client-id Ethernet1
ip access-group 101 in
ip nat outside
ip inspect myfw out
duplex auto
no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip http server
no ip http secure-server
!
access-list 23 permit 172.16.30.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any unreachable
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp any eq bootps any eq bootps
access-list 101 permit udp any eq domain any
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 139
access-list 101 permit udp any any eq netbios-ns
access-list 101 permit udp any any eq netbios-dgm
access-list 101 permit gre any any
access-list 101 deny ip any any log
access-list 102 permit ip 172.16.30.0 0.0.0.7 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any log
no cdp run
route-map icmp deny 10
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end

Thank you!

Answer : Good Config for a Cisco SOHO 91 Router

The good news is you have not been hacked. The bad news is you are closing the CRWS sessions incorrectly.

This article does not specifically mention your router but it does apply.

http://www.cisco.com/en/US/products/hw/routers/ps380/products_field_notice09186a00800e9476.shtml

I would also turn off the web server on the router and either console ot telnet into the router.
You can safely delete thos users without fear.

Random Solutions

Remote control agent fail; can't get on network

Packets capturing

IP address ranges for Canadian PROVINCES

Asterisk / FreePBX + FollowMe

networking in unix

Windows XP Winsock missing after Office 2000 installation.

Convert X.509 certificate in binary format .cer to encapsulated in text .crt

Changing Registry Permissions with SubInACL.exe - Part 2

How do I monitor a networked broadband connection?