[c-nsp] debug to see what IP is trying to log in via telnet
Erik Soosalu
erik.soosalu at calyxinc.com
Wed Feb 23 15:43:58 EST 2011
This seems to come back with the info in the log:
login on-failure log
sh log shows this:
Feb 23 15:39:53.667: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: X.X.X.X] [localport: 23] [Reason: Login Authentication Failed] at 15:39:53 EST Wed Feb 23 2011
Thanks,
Erik
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alan Buxey
Sent: Wednesday, February 23, 2011 3:22 PM
To: Greg Whynott
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] debug to see what IP is trying to log in via telnet
Hi,
> wouldn't the IP of the host it speaks of in the logs? or does it just say "failed log in from somewhere out on the network"…?
>
> my logs have a src…
>
> %SEC-6-IPACCESSLOGP: list denied tcp 88.243.16.148(3900) -> 10.142.7.1(23), 1 packet
the device is on a legit bit of network so will be allowed by the
current VTY/management plane ACLs ... AAA system sees query from the switch
not from the originator of the login. its trivial i know that (which
is the frustrating part! :-) )
however, scanning some login/security docs on cisoc.com tonight
has been a nice refresher of some other things that need to be put onto
a work schedule! :-)
alan
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list