Intrusion Prevention
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
guaro
New User
guaro
Posts: 3
Registered: ‎07-09-2010
0

multiple login failures

Options

‎07-09-2010 08:06 AM

hi gurus

 

I am getting this on my ssg5 and I would like to know what is my next step in order to prevent this from happening, this is the first time I get this , so I am kind of lost here.

 

"Multiple login failures occurred for user root from IP address xx.xx.xx.xx:smileytongue:ort#"

 

Thanks a bunch for all your help

Message 1 of 3 (4,543 Views)
 
Reply
Distinguished Expert
Distinguished Expert
spuluka
Posts: 1,613
Registered: ‎03-30-2009
0

Re: multiple login failures

Options

‎07-10-2010 05:07 AM

This just means someone is attempting to login and failing.  You can expect to see these if you have any login methods enabled on the public interfaces.  Various port scanners will find the login prompt and run scripts to guess the password.

 

Only enable public interface login where really needed and use strong passwords when it is needed.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Message 2 of 3 (4,528 Views)
 
Reply
greenmug
Contributor
greenmug
Posts: 28
Registered: ‎08-21-2009
0

Re: multiple login failures

Options

‎08-02-2010 09:09 AM

If you find the problem occur on internal interfaces it is worth checking if any automatic systems use the login. You may change the password but the system doesn't know this. For example, automated config backup services.

Message 3 of 3 (4,460 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.