Cisco Firewall :: Webserver Hacked Behind ASA 5510
Apr 24, 2011
I have one webserver which open for public via http and https. The server sit behind Cisco ASA 5510. Today our webserver have been hacked by someone. The index.html has been replaced by hacker own index.html file. Is it anyway to detect who did (by IP) this? is my Cisco ASA can give any clue about it? How to prevent from this happening in Cisco ASA? FYI, my ASA only allow HTTP and HTTPS port from outside to internal. This ASA is solely dedicated to protect the webserver.
View 3 Replies
ADVERTISEMENT
Dec 18, 2012
I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver. (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
Internally clients resolve our website to 192.168.40.40 and that part works as it should. Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1. However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website. Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ? Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?
View 3 Replies
View Related
Mar 20, 2011
ASA 5510I'm trying to add a static NAT for to allow access to an internal webserver on my DMZ. I've added the config, however i'm still unable to get to it from the outside. I'm able to ping and browse the server from the LAN and I'm also able to ping the external interafce from the outside, but just unable to browse.I've turned on logging and the error I'm getting is "Inbound TCP connection denied...flags SYN on interface outside"
View 0 Replies
View Related
Nov 13, 2012
We have a costumer who has an asterix PBX behind an ASA i configured, the PBX i did not configure, we have several customers with the same setup. Today we have noticed that there PBX got hacked and was making calls to very expensive phone extensions. The guy who configured the PBX is saying that its the ASA who got hacked. In my opinion it is not the ASA that got hacked but i think there is something going on on the internal network.
They from th PBX says when he scans the IP of the customer who got hacked he sees port 5060 sip is open. but in the ASA ther is no port forwarding on that port, how is this possible?I also scanned it myself and it says port 5060 is open, which is weird because there is no port forwarding on port 5060.
View 11 Replies
View Related
May 14, 2012
We're running three networks (inside, outside and dmz). Inside is 10.0.1.0/24, dmz is 10.0.2.0/24, outside is a static ip allocated by our ISP. We'd like to configure the following:All traffic from the outside to [static provider ip] on port 80 should go to 10.0.2.200 port 8080.
View 14 Replies
View Related
Aug 17, 2011
I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.
Outside interface is X.X.X.32/255.255.255.248 so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.
Inside 10.10.10.0/25
DMZ 10.0.0.0/24
I have a webserver in DMZ located at 10.0.0.253 and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.
View 4 Replies
View Related
Mar 12, 2011
my private ip add is been hacked by someone, I have chk from various sites but the host name is unavailable so pls let me know how to get the host name of that pc & how can i get my ip 10.62.11.33 back to my org
View 1 Replies
View Related
Apr 9, 2012
I share my internet connection with my roommate who is very tech savvy. I found out yesterday that he has been hacking into my gmail account and reading my emails. I didn't think it was quite possible and I'm very surprised. He manages the internet connection and has full access/control over it.what can I do to prevent him from accessing my information?
View 3 Replies
View Related
Aug 23, 2012
is there anything I can do to prevent this? My last password was yUe!k837A!*5L^PcWgw@H06^ using WPA2-PSK [AES] and they still get through? I turned on the allow list to only allow certain devices through and they somehow add themselves to this list as well? WTF?
View 10 Replies
View Related
Feb 2, 2011
How can I make sure I'm not being hacked by a jerk neighbor? Until recently his D-Link repeaters IP addresses showed up on my T Mobile tethered connection.
View 3 Replies
View Related
Oct 1, 2012
configuring an ACL for a 857 Cisco router for web-server traffic. I've configured a NAT for the inside network and added ACL entries for port 80 access but dont seem to have any luck accessing the website remotely. I suspect there's an ACL rule blocking access.
Setup Internet === Router === Webserver
Router address: 10.0.10.1 Web-server address: 10.0.10.77IP from ISP address: XXX.XXX.XXX.XXX
(masked for security)
View 2 Replies
View Related
Sep 6, 2011
The remote office is connected to hq via site to site vpn. I have 1 static IP (on the remote site)that I use for the site to site. I need to publish a web server at the remote site. My question is can I use the same IP for VPN and web server publishing, I am having trouble getting the web server to publish
View 2 Replies
View Related
Mar 7, 2011
I have the same problem connecting my sl2-141 siemens router to thomphson cable modem. What I have heard is that the router can be hacked throw the profile.xml file,one can change the connecting type to "dynamic ip",what i need to know is what entry in the profile.xml file t5o change to what value.
View 6 Replies
View Related
Dec 16, 2011
I have been fighting with a wireless network hacker for months with no success. I have tried reloading Windows XP. but the reload contains things like Redhat and linux programs that do not even exist on my xp install disk. How can I find this wireless hacker and h9ow can I get rid of his control programs?
View 7 Replies
View Related
Jan 20, 2011
How can I change my linksys router password because i would like only me the one who,s using my connection because somebody hack my password!
View 1 Replies
View Related
Jan 27, 2012
I am in a problem, my modem gets hacked everyday, such that many of the sites do not open and only "http://212.113.36.83/" opens instead of sites like yahho.com, sify.com. I checked on internet many people are facing such issue.Only thing I can do to resolve this is to reset my modem, but still this gets hacked even on changing my password.I am not able to understand how is it possible to modify the settings of modem when I have changed the password.Modem Model: Beetel 220BX.
View 5 Replies
View Related
Feb 28, 2013
I have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]
View 2 Replies
View Related
May 28, 2012
I cant remember my password and i lost my cd installer. someone hacked my internet line< I want to change my password but cannot get through the router mainframe.How can I access my router?
View 3 Replies
View Related
Dec 20, 2011
Im currently working on setting up a small network at home. I have a Dell 2716 and a dell 2650 server running windows server 2003. Ive already setup the dns and domain controller on my server. I have 3 desktops that will connect to the server. so far I have the following setup. ISP---> Dell 2716 --->dell 2650/ computers. I set the computers prefered dns to the servers ip. Im able to join the domain and log in but is there a better way to set it up. Also the server and computers are set to static ip.
View 2 Replies
View Related
Apr 12, 2012
I am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
View 7 Replies
View Related
Feb 17, 2013
I am running a websever on virtual machine on ubuntu .how can i forward all traffic coming to my ip to virtual machine which is 192.168.1.4 on my LAN.here are my configs.
OS - Windows 7
Router - DLink
Virtual machine network Setting - Bridged adapter.
View 19 Replies
View Related
Jul 23, 2011
I have a sg300-10 switch. i update the firmware with the last one. Things are complicated when i create 2 VLAN. ( really 1 VLAN cause the first is native ).So i have the first VLAN with the interface 192.168.1.254 ans the VLAN 2 wich IP is 192.168.2.254
I'm connected with my workstation ( ip : 192.168.1.2/24 with GW 192.168.1.254 ) and i try to ping a web server on VLAN 2 ( ip : 192.168.2.2/24 GW 192.168.2.254 )
Ping is OK ! But when i try to reach any ports of the webserver : Nothing.
View 11 Replies
View Related
Sep 14, 2011
I configurated ipsec remote vpn at catalyst 6500.
192.168.14.0/24-- my servers are assigned this subnet
vpn user:10.10.10.0/24
192.168.10.229 ---- webserver ip address
[code]...
View 3 Replies
View Related
Apr 2, 2012
I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
View 5 Replies
View Related
Sep 20, 2011
I have home network with my Linksys E-4200.
My HP Microserver (Ubuntu +Samba+Apache) is connected via LAN. I have notebook (Windows 7). To my server (FILE+WEB) I have access only when I connected via LAN cable. In windows 7 i see my server and have access to the files. Webserver works also properly: access with the name of the server in web browser.
But by WiFI connection, there is no access ! The server has the reserved local IP-address, like 192.168.1.200.
What should I do to solve it? By typing "192.168.1.200" i see the localhost page, but nothing more!
View 2 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Feb 5, 2012
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).
View 1 Replies
View Related
Jun 22, 2011
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Oct 20, 2012
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies
View Related
Nov 15, 2012
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Nov 21, 2011
I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
View 2 Replies
View Related
