Just a moment ago I ran the who command on my router and I noticed myself logged in on vty 1 but another user root was on vty 0. The Location under that user is some location I do not know (someone from klayer.com). But the strange thing is that I do not see any root user in the running-config. If I run show running-config | i username then I only get the two names that have been configured, me and another guy who has access (this is not him logged in as root) but no user named root. How can this be?
I am afraid that I have been hacked and if that is the case then I need to know how to disable this account, and if I can't see it in the running-config then I guess it is not possible to disable it or change the password on it by normal means.
Is this perhaps some dummy account?
EDIT:
after running who a few times I get this:
ROUTER#show users
Line User Host(s) Idle Location
132 vty 0 dummy idle 00:00:02
104.143.47.64.static.klayer.com
*133 vty 1 xxx idle 00:00:00 mydomain
Interface User Mode Idle Peer Address
ROUTER#show users
Line User Host(s) Idle Location
132 vty 0 ebooks idle 00:00:03
104.143.47.64.static.klayer.com
*133 vty 1 xxx idle 00:00:00 mydomain
Interface User Mode Idle Peer Address
ROUTER#show users
Line User Host(s) Idle Location
132 vty 0 ec2 idle 00:00:02
104.143.47.64.static.klayer.com
*133 vty 1 xxx idle 00:00:00 mydomain
Interface User Mode Idle Peer Address
ROUTER#show users
Line User Host(s) Idle Location
132 vty 0 idle 00:00:01
104.143.47.64.static.klayer.com
*133 vty 1 xxx idle 00:00:00 mydomain
Is this just tries to get into my router? I can see the user name changing from dummy to ebooks to ec2 to nothing, just like he is trying to log in.
Does the show users/who commands show unsuccessfull tries as vty lines?
