[cisco-voip] Strange rtmt alert
Balk, David
dbalk at nmh.org
Thu Mar 15 08:49:14 EDT 2012
You can see the host that is attempting the login in the syslog/system log of the hit server.
Message: : authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
David Balk
Network Analyst II
Northwestern Memorial Hospital
541 North Fairbanks
Chicago, Illinois 60611
Office: 312.926.2642
Pager: 312.921.9460
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick
Sent: Wednesday, March 14, 2012 5:09 PM
To: cisco-voip
Subject: [cisco-voip] Strange rtmt alert
I'm getting the following from rtmt:
Alert - sshd(pam_unix)[12815]: check pass;user unknown
Is there any way to find out an IP or anything to identify the source of these failed logins?
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
This message and any included attachments are intended only for the addressee. The information contained in this message is confidential and may constitute proprietary or non-public information under international, federal, or state laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail.
More information about the cisco-voip
mailing list