[j-nsp] Strange LOGIN_FAILED message
Manu Chao
linux.yahoo at gmail.com
Tue Jul 21 11:20:07 EDT 2009
A bot is trying to access your box.
On Tue, Jul 21, 2009 at 5:10 PM, <david.roy at orange-ftgroup.com> wrote:
>
> Hi all,
>
> I've a lot of messages regarding a "user 4": see below
>
> show log message
> Jul 21 16:18:50 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user 4
> Jul 21 16:18:50 myrouter login: LOGIN_FAILED: Login failed for user 4
> from host
> Jul 21 16:24:25 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user 4
> Jul 21 16:24:25 myrouter login: LOGIN_FAILED: Login failed for user 4
> from host
> Jul 21 16:30:00 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user 4
> Jul 21 16:30:00 myrouter login: LOGIN_FAILED: Login failed for user 4
> from host
> Jul 21 16:35:35 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user 4
> Jul 21 16:35:35 myrouter login: LOGIN_FAILED: Login failed for user 4
> from host
> Jul 21 16:41:10 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user 4
> Jul 21 16:41:10 myrouter login: LOGIN_FAILED: Login failed for user 4
> from host
>
> This message is usually logged when the authentication of a telnet
> session failed. But here I don't have a user named "4". Moreover, this
> message is periodic: every 5min35s, and I don't have information
> regarding the host. Usually we have the IP address:
>
> Jul 21 16:41:10 myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user DAVID
> Jul 21 16:41:10 myrouter login: LOGIN_FAILED: Login failed for user
> DAVID from host 10.10.10.10
>
> I tried to catch the TCP telnet session info, but there is no telnet
> session when this message is logged! So it seems that it's an
> internal process that generates it!
>
> Did you experience this kind of message?
>
> Thank you
> Regards,
> David
>
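One way to check the two observations in the question above (a fixed interval between failures and an empty host field) across a whole log, as an added example that is not part of the thread. The function names, the `min_gaps` and `jitter_s` thresholds and the assumed year are hypothetical choices, and the sample lines are constructed from the ones quoted in the message.

```python
import re
from collections import defaultdict
from datetime import datetime

# LOGIN_FAILED format as quoted in the thread; the host field may be empty.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+login:\s+LOGIN_FAILED:\s+"
    r"Login failed for user (?P<user>\S+) from host\s*(?P<host>\S*)\s*$"
)

def parse(lines, year=2009):
    """Yield (timestamp, user, host); syslog omits the year, so it is assumed."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["host"]

def triage(lines, min_gaps=3, jitter_s=2):
    """Group failures by (user, host); flag fixed-interval and source-less groups."""
    groups = defaultdict(list)
    for ts, user, host in parse(lines):
        groups[(user, host)].append(ts)
    report = {}
    for (user, host), stamps in groups.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        periodic = len(gaps) >= min_gaps and max(gaps) - min(gaps) <= jitter_s
        report[(user, host)] = {
            "count": len(stamps),
            "periodic": periodic,
            "period_s": gaps[0] if periodic else None,
            "no_source": host == "",
        }
    return report

# Constructed sample: the thread's lines, unwrapped onto one line each.
TIMES = ["16:18:50", "16:24:25", "16:30:00", "16:35:35", "16:41:10"]
SAMPLE = []
for t in TIMES:
    SAMPLE.append(f"Jul 21 {t} myrouter login: LOGIN_PAM_AUTHENTICATION_ERROR: "
                  "PAM authentication error for user 4")
    SAMPLE.append(f"Jul 21 {t} myrouter login: LOGIN_FAILED: "
                  "Login failed for user 4 from host")
SAMPLE.append("Jul 21 16:41:10 myrouter login: LOGIN_FAILED: "
              "Login failed for user DAVID from host 10.10.10.10")

if __name__ == "__main__":
    for key, info in triage(SAMPLE).items():
        print(key, info)
```

A group that is both `periodic` and `no_source` is the pattern reported in the question; failures that carry a source address, like the DAVID line, fall into their own group.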