cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
770
Views
0
Helpful
2
Replies
Highlighted
Beginner

VCSe Event log message

Hi,

I was wondering if anyone else had come across this error on a VCS Expressway's event log?Sanctuary Housing VCSe error.JPG

This is from a recently RMA'd VCSe. The IP address above is unknown and can be pinged but not browsed to.

Due to numerous external attacks previously, the client is keen to know what this means.

I suspected it may be an attempt to login via the web interface but on trying to recreate this, it was a different 'failed to authenticate' error.

Any suggestions appreciated!

*File attached in case brwoser does not show image correctly.

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

VCSe Event log message

Hi Michael,

Firstly, I assume you are running X7.2.x (with Apache version 2.4.2)?

I would think that this is an external attempt to scan for certain services on the VCS Apache server.

VCS would report that error if someone actually are trying to access a location/service that is not supposed to be served for that user.

In X7.2, we have a new firewall feature which will prevent these hacking attempt. You can with this configure firewall rules to control access to the VCS at the IP level (https://vcsip/firewallrulesconfig).

In X8, there will (probably) be even more functionality (automated detection) to restict unwanted users, such as:

External API authorization protection

SIP authorization failures

SIP registration failures

SIP violations

SSH authorization protection

SSH intrusion protection

Telnet authorization protection

Web authorization protection

Web intrusion protection

NB:These might change in the final release!

Hope this helps,

Arne

View solution in original post

2 REPLIES 2
Beginner

VCSe Event log message

Hi Michael,

Firstly, I assume you are running X7.2.x (with Apache version 2.4.2)?

I would think that this is an external attempt to scan for certain services on the VCS Apache server.

VCS would report that error if someone actually are trying to access a location/service that is not supposed to be served for that user.

In X7.2, we have a new firewall feature which will prevent these hacking attempt. You can with this configure firewall rules to control access to the VCS at the IP level (https://vcsip/firewallrulesconfig).

In X8, there will (probably) be even more functionality (automated detection) to restict unwanted users, such as:

External API authorization protection

SIP authorization failures

SIP registration failures

SIP violations

SSH authorization protection

SSH intrusion protection

Telnet authorization protection

Web authorization protection

Web intrusion protection

NB:These might change in the final release!

Hope this helps,

Arne

View solution in original post

Beginner

VCSe Event log message

Many thanks for the response Arne,

Yes, X7.2.2 is running on the VCSe (and Apache 2.4.2).

Your explanation would make sense in the light of previous attempts to the client's VCSe.

The client had been advised to add any unknown IPs to the firewall blacklist on the VCSe until sometime soon when it will be possible to move it into a DMZ.

Looking forward to the new features mentioned in X8.

Best regards,

Mike

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.