[j-nsp] is it an attack or not?

Walaa Abdel razzak walaaez at bmc.com.sa
Mon Oct 19 01:15:58 EDT 2009


Hi

This was a temporary situation bcoz it was a mistake by the guy who deactivated them, he forgot to put them back :) but everything is normal now

The question here, how to verify that there is no script was put on it?

Best Regards,
Walaa Abdel Razzak

-----Original Message-----
From: sthaug at nethelp.no [mailto:sthaug at nethelp.no]
Sent: Sun 18/10/2009 22:27
To: Walaa Abdel razzak
Cc: jared at puck.nether.net; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] is it an attack or not?
 
> Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages
> 
> Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123'
> Oct  18 09:25:20  M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration'
> Oct  18 09:25:20  JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none)

If you have an Internet-facing router and haven't protected it from
ssh/telnet/Junoscript etc coming from the Internet, you are *asking*
for trouble.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no



More information about the juniper-nsp mailing list