10-21-2009 12:23 PM - edited 03-10-2019 04:44 PM
Hey guys,
I have an ACS in place that is recording Failed attempts on SSH sessions from some of my routers in the field. I noticed that I was getting attacked from different IP addresses trying to logon via SSH. Multiple userID's were being used and it told me the location of the attacker.
That said, recently I went to put ACL's on my WAN interface to block SSH from anyone but my Home Office IP and I noticed that one of the "Caller-ID" fields has "async" as the caller instead of an IP. Can someone tell me what this means?
Thanks in advance.
-Josh
Solved! Go to Solution.
10-21-2009 12:53 PM
Hi Josh,
you need to check whether this is coming from the known or unknown NAS look for NAS ip address.
Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?
If we look at the Failed logs and we see
Caller-ID = async
NAS-Port = tty0
- tty0 is the console port
then pick the NAS ip and see what is connected to the Console port of the
that device,
It seems like there is something that is causing a noise on console port (tty0).
You can check this by running sh line on that device.
- If it is terminal server, then under line x y, issue the command "no
exec".
HTH
JK
Plz rate helpful posts-
10-21-2009 12:53 PM
Hi Josh,
you need to check whether this is coming from the known or unknown NAS look for NAS ip address.
Are you getting this message in the failed attempts "External DB user invalid or bad" or you see all garbage in the user's name?
If we look at the Failed logs and we see
Caller-ID = async
NAS-Port = tty0
- tty0 is the console port
then pick the NAS ip and see what is connected to the Console port of the
that device,
It seems like there is something that is causing a noise on console port (tty0).
You can check this by running sh line on that device.
- If it is terminal server, then under line x y, issue the command "no
exec".
HTH
JK
Plz rate helpful posts-
10-21-2009 01:18 PM
That appears to be the problem. Someone plugged a network cable into the console port. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide