The answer is the same, compromised unit or suspected compromise, the remedy is the same. I have since taken this unit off the network and purchased CCR1009-7G-1S+ 7x GE, 1x Combo, 1x SFP+, USB The unit worked OK for a week or so until once again admin + user accounts missing, I hardened security so that access for services was only granted to select number of ip’s I decided to reset and just before doing this I tried the default login (admin + no password ) and hey presto got access to the router, so I quickly opened “users” as I wanted to create a admin user account but on opening all of the admin+ user accounts were missing only the default “admin” was there, I opened the log file which I had set for 1000 lines to disk had about 2 weeks of log details but it didn’t have any entry for deleting admin users, or any modifications to the router, nothing unusual listed? I had a similar experience with a backhaul router CCR1009-7G-1C-1S+ running 6.45.6 where one morning I couldn't login - tried the several admin user accounts and still unable to login!Īt that stage I thought I had been locked out by a hacker!!
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |