05-20-2011 11:55 AM
More massive problems with the NSS324:
The OnPlus Agent IP address is banned just from the detection attempts - and even if the correct "driver" is applied, the agent PLG1000 does still continue to discover the NSS - without any Monitoring jobs added.
Scanning must STOP once the device is detected. Add an option to re-scan for new services if required.
Obvious: Once banned, the remote access is rendered useless...
This is simply not acceptable! The OnPlus agent can't be that aggressive - neither during the initial discovery, nor _after_ the device is discovered (and edited).
Think we discussed this all before during the Thunderbolt Beta...
Not good - not useable. Back to the design board once more.
Tiring, isn't it?
Happy Weekend,
-Kurt.
Type | Date | Time | Users | Source IP | Computer name | Content |
2011-05-20 4333 | 20:45:40 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4332 | 20:45:37 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4331 | 20:43:49 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=139) | |
2011-05-20 4330 | 20:43:40 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=445) | |
2011-05-20 4329 | 20:42:23 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=9000) | |
2011-05-20 4328 | 20:42:02 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with UDP (port=1900) | |
2011-05-20 4327 | 20:39:46 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4326 | 20:39:43 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4325 | 20:36:22 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=9000) | |
2011-05-20 4324 | 20:35:42 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with UDP (port=1900) | |
2011-05-20 4323 | 20:34:19 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4322 | 20:34:16 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4321 | 20:33:52 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=139) | |
2011-05-20 4320 | 20:33:46 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=445) | |
2011-05-20 4319 | 20:29:22 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=9000) | |
2011-05-20 4318 | 20:29:08 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4317 | 20:29:04 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4316 | 20:29:01 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with UDP (port=1900) | |
2011-05-20 4315 | 20:28:39 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=139) | |
2011-05-20 4314 | 20:28:30 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=445) | |
2011-05-20 4313 | 20:24:00 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4312 | 20:23:57 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4311 | 20:23:36 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=139) | |
2011-05-20 4310 | 20:23:27 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=445) | |
2011-05-20 4309 | 20:23:22 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=9000) | |
2011-05-20 4308 | 20:22:50 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with UDP (port=1900) | |
2011-05-20 4307 | 20:18:02 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4306 | 20:17:59 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4305 | 20:16:22 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=9000) | |
2011-05-20 4304 | 20:16:13 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with UDP (port=1900) | |
2011-05-20 4303 | 20:13:38 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=139) | |
2011-05-20 4302 | 20:13:29 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=445) | |
2011-05-20 4301 | 20:12:45 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=8080) | |
2011-05-20 4300 | 20:12:42 | System | 127.0.0.1 | localhost | [Security] Access Violation from 10.10.1.31 with TCP (port=443) | |
2011-05-20 4299 | 20:11:51 | System | 127.0.0.1 | localhost | Add IP: [10.10.1.31] to ban list for 60 minutes. |
05-20-2011 12:17 PM
The following security setting on the NSS324 is in place:
1. Allow all IP addresses.
2. Network Access Protection enabled (in five minutes, ten access failures, block for one hour) for ssh, telnet, http/https,
Matter of fact: The access credentials for the NSS324 _are_ stored, regardless, the Agent does behave like a hacked intruder system.
NEED URGENT FIX - WE CAN NOT DISABLE ALL IDP SYSTEMS ON ALL THE NETWORK DEVICES HERE!
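
Added example, not part of the original posts and not vendor code: a sketch of the lockout rule quoted above (ten access failures in five minutes, block for one hour) run over constructed log lines in the same layout as the NAS log. It assumes every "Access Violation" entry counts as one failure and that hits during an active ban are not counted; the function names, the probe timing and the 192.0.2.10 address are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Protocol/port pairs that appear in the log above.
PORTS = [("TCP", 8080), ("TCP", 443), ("TCP", 139), ("TCP", 445), ("TCP", 9000), ("UDP", 1900)]
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d+ \| (\d{2}:\d{2}:\d{2}) \|.*"
    r"Access Violation from (\S+) with (TCP|UDP) \(port=(\d+)\)")

def build_sample(sweeps, gap_s, ip="192.0.2.10"):
    """Constructed log text: `sweeps` passes over PORTS, one probe every 20 s, gap_s between pass starts."""
    start = datetime(2011, 5, 20, 9, 0, 0)
    lines = []
    for s in range(sweeps):
        for i, (proto, port) in enumerate(PORTS):
            ts = start + timedelta(seconds=s * gap_s + i * 20)
            lines.append(
                f"{ts:%Y-%m-%d} {len(lines) + 1} | {ts:%H:%M:%S} | System | 127.0.0.1 | localhost | "
                f"[Security] Access Violation from {ip} with {proto} (port={port}) | |")
    return "\n".join(reversed(lines))  # newest entry first, as in the log above

def parse_violations(text):
    """Return (timestamp, source_ip, proto, port) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(3), m.group(4), int(m.group(5))))
    return sorted(events)

def simulate_bans(events, threshold=10, window=timedelta(minutes=5), ban=timedelta(hours=1)):
    """Apply the sliding-window rule per source IP; return (ip, ban_start, ban_end) tuples."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for ts, ip, _proto, _port in events:
        if ip in banned_until and ts < banned_until[ip]:
            continue  # assumption: hits during an active ban do not count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if len(q) >= threshold:
            banned_until[ip] = ts + ban
            bans.append((ip, ts, ts + ban))
            q.clear()
    return bans

if __name__ == "__main__":
    print(simulate_bans(parse_violations(build_sample(3, 120))))
```

With a pass over the six ports every two minutes the tenth failure lands inside the window and the source is banned; with passes six minutes apart the count never reaches ten.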