VCSe Event log message

Michael Balmer

Hi,

I was wondering if anyone else had come across this error on a VCS Expressway's event log?

[Image: Sanctuary Housing VCSe error.JPG]

This is from a recently RMA'd VCSe. The IP address above is unknown and can be pinged but not browsed to.

Due to numerous external attacks previously, the client is keen to know what this means.

I suspected it may be an attempt to login via the web interface but on trying to recreate this, it was a different 'failed to authenticate' error.

Any suggestions appreciated!

*File attached in case browser does not show image correctly.

1 Accepted Solution

aostense

Hi Michael,

Firstly, I assume you are running X7.2.x (with Apache version 2.4.2)?

I would think that this is an external attempt to scan for certain services on the VCS Apache server.

VCS would report that error if someone is actually trying to access a location/service that is not supposed to be served for that user.

In X7.2, we have a new firewall feature which will prevent these hacking attempts. With this you can configure firewall rules to control access to the VCS at the IP level (https://vcsip/firewallrulesconfig).

In X8, there will (probably) be even more functionality (automated detection) to restrict unwanted users, such as:

External API authorization protection

SIP authorization failures

SIP registration failures

SIP violations

SSH authorization protection

SSH intrusion protection

Telnet authorization protection

Web authorization protection

Web intrusion protection

NB: These might change in the final release!

Hope this helps,

Arne

2 Replies

Many thanks for the response Arne,

Yes, X7.2.2 is running on the VCSe (and Apache 2.4.2).

Your explanation would make sense in the light of previous attempts to the client's VCSe.

The client had been advised to add any unknown IPs to the firewall blacklist on the VCSe until sometime soon when it will be possible to move it into a DMZ.

Looking forward to the new features mentioned in X8.

Best regards,

Mike
