[j-nsp] is it an attack or not?
Walaa Abdel razzak
walaaez at bmc.com.sa
Sun Oct 18 15:02:46 EDT 2009
Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages
Oct 18 09:25:20 M320-01-re0 re1 mgd: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
Oct 18 09:25:20 M320-01-re0 re1 mgd: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
Oct 18 09:25:20 JED1-IGR-M320-01-re0 re1 mgd: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)
Walaa Abdel Razzak
From: Jared Mauch [mailto:jared at puck.nether.net]
Sent: Sun 18/10/2009 21:08
To: Walaa Abdel razzak
Cc: <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] is it an attack or not?
Do you filter ssh connections to authorized ip ranges?
On Oct 18, 2009, at 1:57 PM, "Walaa Abdel razzak" <walaaez at bmc.com.sa>
> Hi Experts
> I am getting this message on my router log, is it means an attack or
> something perforemed by router itself:
> Oct 18 09:25:16 M320-01-re0 re1 mgd: %INTERACT-6-
> UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript
> client to run command 'request-authentication user=root logname=root
> host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180
> Best Regards,
> Walaa Abdel Razzak
> juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp