Intrusion Prevention
Reply
New User
guaro
Posts: 3
Registered: ‎07-09-2010
0

multiple login failures

hi gurus

 

I am getting this on my ssg5 and I would like to know what is my next step in order to prevent this from happening, this is the first time I get this , so I am kind of lost here.

 

"Multiple login failures occurred for user root from IP address xx.xx.xx.xx:smileytongue:ort#"

 

Thanks a bunch for all your help

Distinguished Expert
spuluka
Posts: 2,566
Registered: ‎03-30-2009
0

Re: multiple login failures

This just means someone is attempting to login and failing.  You can expect to see these if you have any login methods enabled on the public interfaces.  Various port scanners will find the login prompt and run scripts to guess the password.

 

Only enable public interface login where really needed and use strong passwords when it is needed.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Contributor
greenmug
Posts: 28
Registered: ‎08-21-2009
0

Re: multiple login failures

If you find the problem occur on internal interfaces it is worth checking if any automatic systems use the login. You may change the password but the system doesn't know this. For example, automated config backup services.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.