07-09-2010 08:06 AM
I am getting this on my ssg5 and I would like to know what is my next step in order to prevent this from happening, this is the first time I get this , so I am kind of lost here.
"Multiple login failures occurred for user root from IP address xx.xx.xx.xxort#"
Thanks a bunch for all your help
07-10-2010 05:07 AM
This just means someone is attempting to login and failing. You can expect to see these if you have any login methods enabled on the public interfaces. Various port scanners will find the login prompt and run scripts to guess the password.
Only enable public interface login where really needed and use strong passwords when it is needed.
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6
08-02-2010 09:09 AM
If you find the problem occur on internal interfaces it is worth checking if any automatic systems use the login. You may change the password but the system doesn't know this. For example, automated config backup services.