Ok, I need a little help with this logging that i found on our production router.
This is the message I am starting to get in my logging for the router
Another FIN in CLOSEWAIT state.
%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from
I have read that i need to change my RSA key and to change my acl lines for this router.
Also read that someone is doing ssh scan on public ip address and trying to do a brute force attack.
Since I did not setup this router, I don't know if this setup is good or bad.
Here is the information I can provide to help with this issue.
ASR1002
IOS XE Version: 03.08.01.S
ip access-list extended mgmt.in
permit icmp any any log
permit ip any any log
ip access-list extended outside.in
Any help would be appreciate or any ideas on how to fixed this problem ?
Also let me know how serious this message.