We had a pretty bad scare a couple of weeks ago. We thought we had been compromised, but after some serious troubleshooting we came to find a bug in the Cisco controller software.
We have two 2504 anchor controllers on our DMZ that serve guests only. In our ACS logs we started noticing successful authentications by external sources with some of our known user accounts. It turned out that the controller was simply sending the incorrect remote address. We tested this on 7.6.130 and also on 8.0.110. Cisco was able to reproduce it quite easily. So there you go. In case you run into this, hopefully this will save you from freaking out like we did.

Hector Rios
Louisiana State University

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
