07-30-2012 09:10 AM - edited 03-17-2019 11:32 PM
I've been seeing from time to time a lot of SSH login attempts on our VCS. Any suggestions to prevent this? It looks like a port scan and something is just trying random attempts.
07-30-2012 09:18 AM
Is the VCS on your internal net or exposed to the internet?
If it's internal, you might identify the persons trying to access the VCS.
Anyhow, I would not run a VCS without a firewall to limit the access to the management ports,
especially if it's connected to some public network.
There seem to be plans in the future version to have a local firewall on the VCS, but even
then I still recommend having the ports like ssh, http(s), ldap, ... blocked from the outside.
If you block it in your firewall you should not see any attempts.
Besides that, check that you use secure passwords for the admin / root and all other system accounts
as well as for the provisioning database and disable unused users if you added any.
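To illustrate the triage the reply above describes (is the source internal or external, and does it look like a scripted scan), here is an added example that is not part of the original thread. It assumes standard OpenSSH syslog failure lines, which may differ from the VCS's own log format; the internal ranges, the threshold and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the organisation's own address space; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Standard OpenSSH failure line, with or without the "invalid user" prefix.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
Jul 30 09:01:11 vcs sshd[4101]: Failed password for invalid user oracle from 203.0.113.45 port 51122 ssh2
Jul 30 09:01:13 vcs sshd[4103]: Failed password for invalid user test from 203.0.113.45 port 51130 ssh2
Jul 30 09:01:15 vcs sshd[4105]: Failed password for root from 203.0.113.45 port 51141 ssh2
Jul 30 09:01:17 vcs sshd[4107]: Failed password for admin from 203.0.113.45 port 51150 ssh2
Jul 30 09:03:40 vcs sshd[4120]: Failed password for admin from 10.20.30.40 port 60211 ssh2
Jul 30 09:04:02 vcs sshd[4122]: Accepted password for admin from 10.20.30.40 port 60215 ssh2
Jul 30 09:05:09 vcs sshd[4130]: Failed password for root from 198.51.100.7 port 40022 ssh2
"""

def is_internal(src):
    """True if src is an IP address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # a hostname or malformed value: treat as not internal
    return any(addr in net for net in INTERNAL_NETS)

def summarize_failures(log_text, scan_user_threshold=3):
    """Group failed SSH logins by source and flag external multi-user guessing."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group(2)].append(m.group(1))
    report = {}
    for src, users in tried.items():
        internal = is_internal(src)
        distinct = sorted(set(users))
        report[src] = {
            "attempts": len(users),
            "users": distinct,
            "internal": internal,
            # Many different usernames from one outside address is the scripted-scan pattern.
            "looks_like_scan": (not internal) and len(distinct) >= scan_user_threshold,
        }
    return report

if __name__ == "__main__":
    for src, info in summarize_failures(SAMPLE_LOG).items():
        print(src, info)
```

Internal sources in the report are the ones worth following up with a person; external ones that match the scan pattern are what the firewall rule on the management ports would stop from reaching the VCS at all.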
07-30-2012 09:20 AM
It's external, not my choice however. All the time the IPs identified are not from our network.
07-30-2012 09:46 AM
Then talk to your network guys, it's really not preferred to have the VCS unfirewalled.
Besides what I wrote, cutting the cable and ignoring the messages, there is not that much to do,
though ignoring is not the best method :-)
This is a typical thing that you see, there are plenty of scripts running on the internet, most likely
not directly targeting your organization but at least open and vulnerable systems.
This is related to all systems connected to open networks and not only to the VCS.
Another typical scan is SIP ports, which might also contain attempts to route external ISDN calls.
Patrick: Please rate my postings using the stars below and set the thread to answered if it is.