[j-nsp] is it an attack or not?

Walaa Abdel razzak walaaez at bmc.com.sa
Mon Oct 19 01:12:58 EDT 2009


Hi Tarique

Is it related to J-Web only, or can it be used for other tasks? I ask because we are not running J-Web on this router.

Best Regards,
Walaa Abdel Razzak
-----Original Message-----
From: Nalkhande Tarique Abbas [mailto:ntarique at juniper.net]
Sent: Mon 19/10/2009 05:31
To: Walaa Abdel razzak; Jared Mauch
Cc: juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] is it an attack or not?
 

Greetings Walaa,

These messages are normal. The user is authenticated and it is not an
indication of a breach of the router's security.

Basically, JWeb logins appear as a JUNOScript client '(unauthenticated
user)'. The JWeb client uses JUNOScript to log the username/password
that was entered at the JWeb prompt. The username and password are
authenticated thereafter.

Have a look here,
http://kb.juniper.net/index?page=content&id=KB12783


 
Thanks & Regards,
Tarique A. Nalkhande

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Walaa Abdel
razzak
Sent: Monday, October 19, 2009 12:33 AM
To: Jared Mauch
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] is it an attack or not?

Hi

Actually, we had to deactivate the filter that was doing this for some
time, and during that time we got the message, in addition to the
messages below:

Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]:
%INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run
command 'set-login-name login-name=Juniper123'
Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]:
%INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client
to run command 'commit-configuration'
Oct  18 09:25:20  JED1-IGR-M320-01-re0 re1 mgd[33869]:
%INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation
(comment: none)

Best Regards,
Walaa Abdel Razzak

-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net]
Sent: Sun 18/10/2009 21:08
To: Walaa Abdel razzak
Cc: <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] is it an attack or not?
 
Do you filter ssh connections to authorized ip ranges?

Jared Mauch

On Oct 18, 2009, at 1:57 PM, "Walaa Abdel razzak" <walaaez at bmc.com.sa>  
wrote:

> Hi Experts
>
> I am getting this message in my router log. Does it mean an attack or
> something performed by the router itself:
>
> Oct  18 09:25:16  M320-01-re0 re1 mgd[33869]: %INTERACT-6- 
> UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript  
> client to run command 'request-authentication user=root logname=root  
> host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180  
> ppid=1145'
>
> Best Regards,
> Walaa Abdel Razzak
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
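
Added example, not part of the thread and not Juniper code: it groups mgd INTERACT lines like those quoted above by mgd process id, so the request-authentication, set-login-name and commit steps of one session can be read together, and reports committing users that are not on a list of expected accounts. The sample log is constructed from the quoted lines (unwrapped to one line each), and `expected_users` is an assumed, site-specific list.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the mgd lines quoted in the thread (unwrapped).
SAMPLE = """\
Oct 18 09:25:16 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript client to run command 'request-authentication user=root logname=root host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180 ppid=1145'
Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+.*?mgd\[(?P<pid>\d+)\]:\s+"
    r"%INTERACT-\d-(?P<tag>UI_\w+): User '(?P<user>[^']*)' (?P<rest>.*)$")
CMD = re.compile(r"used JUNOScript client to run command '(?P<cmd>[^']*)'")

def sessions(text):
    """Group mgd events by mgd process id, keeping log order."""
    by_pid = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an mgd INTERACT line
        c = CMD.search(m["rest"])
        # First word of the JUNOScript command, or the syslog tag if there is none.
        action = (c["cmd"].split() or [""])[0] if c else m["tag"]
        by_pid[m["pid"]].append((m["ts"], m["user"], action))
    return dict(by_pid)

def review(text, expected_users):
    """Report sessions that committed; expected_users is an assumed site list."""
    findings = []
    for pid, events in sessions(text).items():
        users = {u for _, u, _ in events if u != "(unauthenticated user)"}
        committers = {u for _, u, a in events
                      if a in ("commit-configuration", "UI_COMMIT")}
        if committers:
            findings.append({"mgd_pid": pid,
                             "actions": [a for _, _, a in events],
                             "committers": sorted(committers),
                             "unexpected_users": sorted(users - set(expected_users))})
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE, expected_users={"root"}):
        print(finding)
```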