[j-nsp] is it an attack or not?
Walaa Abdel razzak
walaaez at bmc.com.sa
Mon Oct 19 01:15:58 EDT 2009
Hi
This was a temporary situation bcoz it was a mistake by the guy who deactivated them, he forgot to put them back :) but everything is normal now
The question here, how to verify that there is no script was put on it?
Best Regards,
Walaa Abdel Razzak
-----Original Message-----
From: sthaug at nethelp.no [mailto:sthaug at nethelp.no]
Sent: Sun 18/10/2009 22:27
To: Walaa Abdel razzak
Cc: jared at puck.nether.net; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] is it an attack or not?
> Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages
>
> Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
> Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
> Oct 18 09:25:20 JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)
If you have an Internet-facing router and haven't protected it from
ssh/telnet/Junoscript etc coming from the Internet, you are *asking*
for trouble.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the juniper-nsp
mailing list