[j-nsp] is it an attack or not?

sthaug at nethelp.no sthaug at nethelp.no
Sun Oct 18 15:27:19 EDT 2009


> Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages
> 
> Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
> Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
> Oct  18 09:25:20  JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)

If you have an Internet-facing router and haven't protected it from
ssh/telnet/Junoscript etc coming from the Internet, you are *asking*
for trouble.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the juniper-nsp mailing list