[j-nsp] is it an attack or not?

[Walaa Abdel razzak]

Hi

Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages

Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
Oct  18 09:25:20  JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)

Best Regards,
Walaa Abdel Razzak

-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net]
Sent: Sun 18/10/2009 21:08
To: Walaa Abdel razzak
Cc: <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] is it an attack or not?
 
Do you filter ssh connections to authorized ip ranges?

Jared Mauch

On Oct 18, 2009, at 1:57 PM, "Walaa Abdel razzak" <walaaez at bmc.com.sa>  
wrote:

> Hi Experts
>
> I am getting this message on my router log, is it means an attack or  
> something perforemed by router itself:
>
> Oct  18 09:25:16  M320-01-re0 re1 mgd[33869]: %INTERACT-6- 
> UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript  
> client to run command 'request-authentication user=root logname=root  
> host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180  
> ppid=1145'
>
> Best Regards,
> Walaa Abdel Razzak
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp