07-09-2010 08:06 AM
I am getting this on my ssg5 and I would like to know what is my next step in order to prevent this from happening, this is the first time I get this , so I am kind of lost here.
"Multiple login failures occurred for user root from IP address xx.xx.xx.xxort#"
Thanks a bunch for all your help
07-10-2010 05:07 AM
This just means someone is attempting to login and failing. You can expect to see these if you have any login methods enabled on the public interfaces. Various port scanners will find the login prompt and run scripts to guess the password.
Only enable public interface login where really needed and use strong passwords when it is needed.
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV JNCIS-SSL JNCDA
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
08-02-2010 09:09 AM
If you find the problem occur on internal interfaces it is worth checking if any automatic systems use the login. You may change the password but the system doesn't know this. For example, automated config backup services.