
Problem SECURITY-LOGIN

viniicio
Level 1

Hi everyone, we have recently been configuring an ASR9010 router, but since yesterday I have been noticing strange behavior.
Example: it loads a lot when entering by telnet.

When reviewing with the show log command I see the following attempts:

RP/0/RSP1/CPU0:Jul 8 09:47:28.302 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '45.170.220.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:29.899 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '45.170.220.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:31.968 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '45.170.220.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:32.470 : exec[65867]: %MGBL-exec-3-LOGIN_AUTHEN : Login Authentication failed. Exiting...

I imagine that they must be DoS attacks. For that reason I thought about blocking them with an ACL but it is not working well for me. 

conf
ipv4 access-list resistance
deny ipv4 host 218.92.0.207 any
deny ipv4 host 168.243.48.13 any
deny ipv4 host 45.170.177.125 any
deny ipv4 host 45.170.129.14 any
deny ipv4 host 218.92.0.207 any
deny ipv4 host 80.90.90.25 any
deny ipv4 host 5.55.28.70 any
deny ipv4 host 5.75.17.236 any
deny ipv4 host 70.45.128.75 any
deny ipv4 host 98.148.247.23 any
deny ipv4 45.170.220.0 0.0.0.255 any
deny ipv4 45.170.221.0 0.0.0.255 any
deny ipv4 45.170.222.0 0.0.0.255 any
deny ipv4 45.170.223.0 0.0.0.255 any
permit icmp any host 192.168.1.1 (example IP )
permit icmp any host 192.168.1.1 (example IP )
permit ipv4 any any

Entered the interface:
IPv4 access-group nameACL egress

Could you help me know if those logs are from a DoS attack?

Best regards,
Viinicio
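
One way to triage log lines like the ones in the post above, as an added example that is not part of the original thread: parse the %SECURITY-LOGIN-4-AUTHEN_FAILED messages and count failures per source address inside a sliding time window. The sample log is constructed in the format shown in the post, with documentation addresses; the function names, the 60-second window, the threshold of 3 and the default year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample in the IOS XR format shown in the post; the addresses
# are RFC 5737 documentation ranges, not the ones from the thread.
SAMPLE_LOG = """\
RP/0/RSP1/CPU0:Jul 8 09:47:28.302 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '203.0.113.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:29.899 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '203.0.113.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:31.968 : exec[65867]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '203.0.113.38' on 'vty0'
RP/0/RSP1/CPU0:Jul 8 09:47:32.470 : exec[65867]: %MGBL-exec-3-LOGIN_AUTHEN : Login Authentication failed. Exiting...
RP/0/RSP1/CPU0:Jul 8 09:52:10.115 : exec[65901]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user 'admin' from '198.51.100.7' on 'vty1'
RP/0/RSP1/CPU0:Jul 8 10:40:02.001 : exec[65950]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user 'admin' from '198.51.100.7' on 'vty1'
"""

FAIL_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}) : exec\[\d+\]: "
    r"%SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user "
    r"'(?P<user>[^']*)' from '(?P<src>[^']*)' on '(?P<vty>[^']*)'"
)

def failed_logins(log_text, year=2024):
    """Yield (timestamp, source, user, vty); the log has no year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m["src"], m["user"], m["vty"]

def summarize(log_text, window_s=60, threshold=3):
    """Per source: totals, usernames and vty lines seen, and the largest burst in any window."""
    by_src = defaultdict(list)
    for ts, src, user, vty in failed_logins(log_text):
        by_src[src].append((ts, user, vty))
    report = {}
    for src, events in by_src.items():
        events.sort()
        times = [e[0] for e in events]
        burst, start = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            burst = max(burst, end - start + 1)
        report[src] = {"failures": len(events), "users": {e[1] for e in events},
                       "vtys": {e[2] for e in events}, "max_burst": burst,
                       "flagged": burst >= threshold}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A source with a short burst of failures for several usernames looks like password guessing against the vty lines; the summary also gives the list of sources to compare against what the ACL or management plane protection is expected to filter.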





Dear Aleksandar Vidakovic ,

Thanks a lot for your help.

Now checking, I see that the version is: Cisco IOS XR Software, Version 5.3.4

Knowing the IOS version, could it work even if my IOS version is inferior to the one in the guide?

Thanks,
Viniicio.

There were no changes in management plane protection commands in recent IOS XR releases. You can also check the same configuration guide for your release of choice. I just took the latest and greatest.

 
