Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1375
Views
0
Helpful
3
Replies

VCS SSH login attempts

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni

‎07-30-2012 09:10 AM - edited ‎03-17-2019 11:32 PM

I've been seeing from time to time a lot of SSH login attempts on our VCS, any suggestions to prevent this?  It looks like a port scan and something is just trying random attempts.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎07-30-2012 09:46 AM

Then talk to your network guys, its really not preferred to have the vcs unfirewalled.

Besides what I wrote, cutting the cable and ignoring the messages there is not that much to do,

though ignoring is not the best method :-)

This is a typical thing what you see, there are plenty scripts running on the internet, most likely

not directly targeting your organization but at least open and vulnurable systems.

This is related to all systems connected to open networks and not only to the VCS.

An other typical scan is sip ports which might also contain attempts to route external isdn calls.

Patrick: Please rate my postings using the stars below and set the thread to answered if it is.

Please remember to rate helpful responses and identify

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎07-30-2012 09:18 AM

Is the vcs on your internal net or exposed to the internet?

If its internal, you might identify the persons trying to access the VCS.

Anyhow, I would not run a vcs without a firewall to limit the access to the management ports,

expecilly if its connected to some public network.

There seem to be plans in the future version to have a local firewall on the VCS, but even

then I still recomend having the ports like ssh, http(s), ldap, ... blocked from the outside.

If you block it in your firewall you should not see any attempts.

Besides that, check that you use secure passwords for the admin / root and all other system accounts

as well as for the provisioning database and disable unused users if you added any.

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Martin Koch

‎07-30-2012 09:20 AM

It's external, not my choice however.  All the time the IPs identified are not from our network.

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎07-30-2012 09:46 AM

Then talk to your network guys, its really not preferred to have the vcs unfirewalled.

Besides what I wrote, cutting the cable and ignoring the messages there is not that much to do,

though ignoring is not the best method :-)

This is a typical thing what you see, there are plenty scripts running on the internet, most likely

not directly targeting your organization but at least open and vulnurable systems.

This is related to all systems connected to open networks and not only to the VCS.

An other typical scan is sip ports which might also contain attempts to route external isdn calls.

Patrick: Please rate my postings using the stars below and set the thread to answered if it is.

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents