fatal: Write failed: Broken pipe and brute force guessing login, why firewall not block SSH?

martlee2 · ‎03-24-2015

is it coming from non-firewall side but source ip address are fake? how to confirm whether are these?

<186>: 2015 Mar 24 08:29:27 HKT: %DAEMON-2-SYSTEM_MSG: fatal: Write failed: Broken pipe .Client is 75.121.220.251,length of packet causing error 84 84 - sshd[684]

what is this error fatal: Write failed: Broken pipe in log of N7K

i find many brute force guessing login,

what can we do next?

[7m--More--[27m
iled for user root#02# from 222.186.30.115 - sshd[23714]
[7m--More--[27m
2015 Mar 24 07:17:25 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02##02# from 222.186.30.115 - sshd[23714]
[7m--More--[27m
2015 Mar 24 07:17:28 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root from 222.186.30.115 - sshd[23715]
[7m--More--[27m
2015 Mar 24 07:17:28 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02# from 222.186.30.115 - sshd[23715]
[7m--More--[27m
2015 Mar 24 07:17:28 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02##02# from 222.186.30.115 - sshd[23715]
[7m--More--[27m
2015 Mar 24 07:17:31 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root from 222.186.30.115 - sshd[23717]
[7m--More--[27m
2015 Mar 24 07:17:31 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02# from 222.186.30.115 - sshd[23717]
[7m--More--[27m
2015 Mar 24 07:17:31 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02##02# from 222.186.30.115 - sshd[23717]
[7m--More--[27m
2015 Mar 24 07:17:33 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root from 222.186.30.115 - sshd[23718]
[7m--More--[27m
2015 Mar 24 07:17:33 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02# from 222.186.30.115 - sshd[23718]
[7m--More--[27m
2015 Mar 24 07:17:34 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02##02# from 222.186.30.115 - sshd[23718]
[7m--More--[27m
2015 Mar 24 07:17:36 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root from 222.186.30.115 - sshd[23719]
[7m--More--[27m
2015 Mar 24 07:17:36 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa
[7m--More--[27m
iled for user root#02# from 222.186.30.115 - sshd[23719]
[7m--More--[27m
2015 Mar 24 07:17:36 xxxx %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication fa

Vibhor Amrodia · ‎03-24-2015

Hi,

This is generated by this open-source SSH daemon running on the switch after
a socket is reset and the daemon tries to write to it.

It gets displayed from the ssh process when a connection is reset.
Open SSH prints it when it tries to write to the socket and fails. It's a TCP socket write error.

Thanks and Regards,

Vibhor Amrodia

Mariselvam · ‎01-27-2018

How to solve the same....me also getting same error

Thanks in advance

mvsheik123 · ‎01-28-2018

Hi,

May need code upgrade. Check this link...

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCta10776/?reffering_site=dumpcr

hth

MS