Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
113
Views
0
Helpful
1
Replies

OnPlus Agent - IP address Banned due to never-ending detection...

Kurt Schumacher
Level 1
Level 1

‎05-20-2011 11:55 AM

More massive problems with the NSS324:

The OnPlus Agent IP address is is banned just form the detection attempts - and even if the correct "driver" is applied, the agend PLG1000 does still continue to discover the NSS - without any Monitoring jobs added.

Scanning must STOP once the device is detected. Add an option ot re-scan for new services if required.

Obvious: Once banned, the remote access is rendered useless...

This is simply not acceptable! The OnPlus agentcan't be that agressive - neither duriong the initial discovery, nor _after_the device is discovered (and edited).

Think we discussed thihs all before during the Thunderbolt Beta...

Not good - not useable. Back to the desing board once more.

Tiring, isn't it?.

Happy Weekend,

-Kurt.

/ 87
TypeDateTimeUsersSource IPComputer nameContent
2011-05-20
4333
20:45:40System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4332
20:45:37System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4331
20:43:49System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=139)
2011-05-20
4330
20:43:40System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=445)
2011-05-20
4329
20:42:23System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=9000)
2011-05-20
4328
20:42:02System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with UDP (port=1900)
2011-05-20
4327
20:39:46System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4326
20:39:43System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4325
20:36:22System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=9000)
2011-05-20
4324
20:35:42System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with UDP (port=1900)
2011-05-20
4323
20:34:19System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4322
20:34:16System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4321
20:33:52System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=139)
2011-05-20
4320
20:33:46System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=445)
2011-05-20
4319
20:29:22System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=9000)
2011-05-20
4318
20:29:08System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4317
20:29:04System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4316
20:29:01System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with UDP (port=1900)
2011-05-20
4315
20:28:39System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=139)
2011-05-20
4314
20:28:30System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=445)
2011-05-20
4313
20:24:00System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4312
20:23:57System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4311
20:23:36System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=139)
2011-05-20
4310
20:23:27System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=445)
2011-05-20
4309
20:23:22System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=9000)
2011-05-20
4308
20:22:50System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with UDP (port=1900)
2011-05-20
4307
20:18:02System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4306
20:17:59System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4305
20:16:22System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=9000)
2011-05-20
4304
20:16:13System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with UDP (port=1900)
2011-05-20
4303
20:13:38System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=139)
2011-05-20
4302
20:13:29System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=445)
2011-05-20
4301
20:12:45System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=8080)
2011-05-20
4300
20:12:42System127.0.0.1localhost[Security] Access Violation from 10.10.1.31 with TCP (port=443)
2011-05-20
4299
20:11:51System127.0.0.1localhostAdd IP: [10.10.1.31] to ban list for 60 minutes.
0 Helpful
1 Reply 1

Kurt Schumacher
Level 1
Level 1

‎05-20-2011 12:17 PM

The following security setting on the NSS324 is in place:

1. Allow all IP addresses.

2. Network Access Protection enabled (in five minutes, ten access failures, block for one hour) for ssh, telnet, http/https,

Matter of facT: The access credentials for the NSS324 _are_ stored, regardless, the Agent does behave like hacked intruder system.

NEED URGENT FIX - WE CAN NOT DISABNLE ALL IDP SYSTEMS ON ALL THE NETWORK DEVICES HERE!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents