No matching cipher found

feeman

Опубликовано 5 ноября, 2019 · Жалоба

Заметил на маршрутизаторе cisco вот такую странную активность.

Кто в курсе, подскажите:

Скрытый текст

000097: Oct 29 00:31:29.134: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000098: Oct 29 00:31:29.350: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000099: Oct 29 01:54:49.746: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 110.185.166.137
000100: Oct 29 09:03:56.156: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000101: Oct 29 09:39:55.212: %SSH-3-DH_SIZE: DH public key size > DH group key size(128)
000102: Oct 29 16:58:29.770: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000103: Oct 29 22:36:36.089: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000104: Oct 30 18:51:16.608: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000105: Oct 30 22:37:13.555: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000106: Oct 30 22:44:54.343: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000107: Oct 30 22:44:54.467: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000108: Oct 31 17:28:08.110: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000109: Oct 31 22:36:40.049: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000110: Nov 1 00:56:57.516: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000111: Nov 1 04:41:04.487: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp256 server ssh-rsa
000112: Nov 1 04:41:19.683: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp384 server ssh-rsa
000113: Nov 1 04:41:35.199: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp521 server ssh-rsa
000114: Nov 1 04:42:12.579: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-dss server ssh-rsa
000115: Nov 1 06:24:23.551: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000116: Nov 1 10:35:29.234: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 180.149.125.170
000117: Nov 1 22:36:53.971: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000118: Nov 1 22:52:31.579: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000119: Nov 2 00:28:57.182: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000120: Nov 2 02:59:14.658: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000121: Nov 2 11:58:35.208: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000122: Nov 2 21:41:17.773: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 196.52.43.128
000123: Nov 3 07:03:50.783: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000124: Nov 3 07:03:50.811: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000125: Nov 4 07:36:56.625: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000126: Nov 4 22:37:17.809: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000127: Nov 4 22:51:54.177: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000128: Nov 4 23:45:58.061: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000129: Nov 4 23:45:58.373: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000130: Nov 5 01:04:31.040: %SSH-3-NO_MATCH: No matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
000131: Nov 5 04:03:05.860: %SSH-3-NO_MATCH: No matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128 server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

TheUser

Опубликовано 5 ноября, 2019 · Жалоба

Ограничьте же SSH со сторонних сетей.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

smart85

Опубликовано 5 ноября, 2019 · Жалоба

И вообще, судя по тому, что имеет место быть такое на SSH, следует посмотреть, а если CoPP вообще на железке.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

kapydan

Опубликовано 5 ноября, 2019 · Жалоба

какая железка и ios?

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

feeman

Опубликовано 5 ноября, 2019 · Жалоба

24 минуты назад, kapydan сказал:

какая железка и ios?

Cisco 7201

disk2:c7200p-adventerprisek9-mz.152-4.M11.bin

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

feeman

Опубликовано 5 ноября, 2019 · Жалоба

1 час назад, mse.rus77 сказал:

а если CoPP вообще на железке

CoPP есть, но не используется.

Кстати, за приведенный пример был бы очень признателен.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

smart85

Опубликовано 5 ноября, 2019 · Жалоба

12 минут назад, feeman сказал:

CoPP есть, но не используется.

Кстати, за приведенный пример был бы очень признателен.

По форуму поищите, был отличный пример

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

kapydan

Опубликовано 5 ноября, 2019 · Жалоба

54 минуты назад, feeman сказал:

Cisco 7201

disk2:c7200p-adventerprisek9-mz.152-4.M11.bin

Судя по feature navigator, 15.2 последняя версия для 7201.

Недавно была похожая проблема на 2921 роутере, там решилось обновлением софта.

А в данному случае - возможно, стоит посмотреть настройки доступа ssh и обновить rsa ключи. Но могу ошибаться.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

StSphinx

Опубликовано 5 ноября, 2019 · Жалоба

Control Plane Policing Implementation Best Practices

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

ayf

Опубликовано 13 февраля, 2020 · Жалоба

Чтобы темы не плодить, спрошу тут.
Коммутатор 3560Х.
В логах идет такое:

028025: Feb 12 23:02:03.617: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
028026: Feb 13 01:51:14.119: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
028027: Feb 13 05:17:50.806: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
028028: Feb 13 05:56:00.524: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
028029: Feb 13 06:18:06.141: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
028030: Feb 13 06:36:59.273: SSH2 5: no matching cipher found: client aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr

При этом коммутатор сидит во внутренней сети, без доступа в интернет. Доступ в интернет есть только у клиентов, которые к нему подключены.
Софт: "flash:/c3560e-universalk9-mz.122-55.SE5/c3560e-universalk9-mz.122-55.SE5.bin

Логирование показало, что ко мне ломятся из Румынии:

028104: Feb 13 13:06:33.862: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:33 MSK Thu Feb 13 2020
028105: Feb 13 13:06:36.211: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:36 MSK Thu Feb 13 2020
028106: Feb 13 13:06:38.937: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: support] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:38 MSK Thu Feb 13 2020
028107: Feb 13 13:06:48.902: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:48 MSK Thu Feb 13 2020
028108: Feb 13 13:06:51.679: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:51 MSK Thu Feb 13 2020
028109: Feb 13 13:06:54.187: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:06:54 MSK Thu Feb 13 2020
028110: Feb 13 13:07:01.963: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:01 MSK Thu Feb 13 2020
028111: Feb 13 13:07:03.473: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:03 MSK Thu Feb 13 2020
028112: Feb 13 13:07:04.169: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: default] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:04 MSK Thu Feb 13 2020
028113: Feb 13 13:07:05.637: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:05 MSK Thu Feb 13 2020
028114: Feb 13 13:07:06.702: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:06 MSK Thu Feb 13 2020
028115: Feb 13 13:07:07.851: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: support] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:07 MSK Thu Feb 13 2020
028116: Feb 13 13:07:11.114: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:11 MSK Thu Feb 13 2020
028117: Feb 13 13:07:12.658: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: default] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:12 MSK Thu Feb 13 2020
028118: Feb 13 13:07:13.371: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:13 MSK Thu Feb 13 2020
028119: Feb 13 13:07:14.948: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: operator] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:14 MSK Thu Feb 13 2020
028120: Feb 13 13:07:15.443: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:15 MSK Thu Feb 13 2020
028121: Feb 13 13:07:18.110: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ubnt] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:18 MSK Thu Feb 13 2020
028122: Feb 13 13:07:19.159: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:19 MSK Thu Feb 13 2020
028123: Feb 13 13:07:21.289: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: default] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:21 MSK Thu Feb 13 2020
028124: Feb 13 13:07:23.378: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:23 MSK Thu Feb 13 2020
028125: Feb 13 13:07:28.931: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:28 MSK Thu Feb 13 2020
028126: Feb 13 13:07:37.126: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: default] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:37 MSK Thu Feb 13 2020
028127: Feb 13 13:07:39.198: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: operator] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:39 MSK Thu Feb 13 2020
028128: Feb 13 13:07:41.279: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ubnt] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:41 MSK Thu Feb 13 2020
028129: Feb 13 13:07:42.075: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:42 MSK Thu Feb 13 2020
028130: Feb 13 13:07:45.473: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:45 MSK Thu Feb 13 2020
028131: Feb 13 13:07:47.654: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:47 MSK Thu Feb 13 2020
028132: Feb 13 13:07:49.893: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: 1234] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:49 MSK Thu Feb 13 2020
028133: Feb 13 13:07:53.081: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:53 MSK Thu Feb 13 2020
028134: Feb 13 13:07:55.161: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:55 MSK Thu Feb 13 2020
028135: Feb 13 13:07:57.401: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:07:57 MSK Thu Feb 13 2020
028136: Feb 13 13:07:57.753: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: 1234] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:07:57 MSK Thu Feb 13 2020
028137: Feb 13 13:08:00.580: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:00 MSK Thu Feb 13 2020
028138: Feb 13 13:08:02.668: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:02 MSK Thu Feb 13 2020
028139: Feb 13 13:08:03.524: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:03 MSK Thu Feb 13 2020
028140: Feb 13 13:08:04.732: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: camera] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:04 MSK Thu Feb 13 2020
028141: Feb 13 13:08:06.863: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:06 MSK Thu Feb 13 2020
028142: Feb 13 13:08:07.945: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftp] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:07 MSK Thu Feb 13 2020
028143: Feb 13 13:08:10.033: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: tplink] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:10 MSK Thu Feb 13 2020
028144: Feb 13 13:08:10.696: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:10 MSK Thu Feb 13 2020
028145: Feb 13 13:08:12.147: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: guest] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:12 MSK Thu Feb 13 2020
028146: Feb 13 13:08:15.561: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:15 MSK Thu Feb 13 2020
028147: Feb 13 13:08:15.695: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: user] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:15 MSK Thu Feb 13 2020
028148: Feb 13 13:08:17.667: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:17 MSK Thu Feb 13 2020
028149: Feb 13 13:08:18.178: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:18 MSK Thu Feb 13 2020
028150: Feb 13 13:08:19.730: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: telecomadmin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:19 MSK Thu Feb 13 2020
028151: Feb 13 13:08:20.871: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: camera] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:20 MSK Thu Feb 13 2020
028152: Feb 13 13:08:22.892: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:22 MSK Thu Feb 13 2020
028153: Feb 13 13:08:25.275: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:25 MSK Thu Feb 13 2020
028154: Feb 13 13:08:25.367: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftp] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:25 MSK Thu Feb 13 2020
028155: Feb 13 13:08:27.355: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:27 MSK Thu Feb 13 2020
028156: Feb 13 13:08:28.647: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: tplink] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:28 MSK Thu Feb 13 2020
028157: Feb 13 13:08:30.543: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cron] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:30 MSK Thu Feb 13 2020
028158: Feb 13 13:08:31.834: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: guest] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:31 MSK Thu Feb 13 2020
028159: Feb 13 13:08:32.908: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:32 MSK Thu Feb 13 2020
028160: Feb 13 13:08:34.988: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admins] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:34 MSK Thu Feb 13 2020
028161: Feb 13 13:08:38.067: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftp] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:38 MSK Thu Feb 13 2020
028162: Feb 13 13:08:40.172: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: osmc] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:40 MSK Thu Feb 13 2020
028163: Feb 13 13:08:42.060: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:42 MSK Thu Feb 13 2020
028164: Feb 13 13:08:42.269: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.5] [localport: 22] [Reason: Login Authentication Failed] at 13:08:42 MSK Thu Feb 13 2020
028165: Feb 13 13:08:44.610: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:44 MSK Thu Feb 13 2020
028166: Feb 13 13:08:48.158: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: telecomadmin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:48 MSK Thu Feb 13 2020
028167: Feb 13 13:08:54.608: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:54 MSK Thu Feb 13 2020
028168: Feb 13 13:08:57.905: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:08:57 MSK Thu Feb 13 2020
028169: Feb 13 13:09:01.025: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:01 MSK Thu Feb 13 2020
028170: Feb 13 13:09:05.916: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cron] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:05 MSK Thu Feb 13 2020
028171: Feb 13 13:09:09.900: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:09 MSK Thu Feb 13 2020
028172: Feb 13 13:09:13.742: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admins] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:13 MSK Thu Feb 13 2020
028173: Feb 13 13:09:19.840: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftp] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:19 MSK Thu Feb 13 2020
028174: Feb 13 13:09:23.263: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: osmc] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:23 MSK Thu Feb 13 2020
028175: Feb 13 13:09:26.937: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 185.232.67.6] [localport: 22] [Reason: Login Authentication Failed] at 13:09:26 MSK Thu Feb 13 2020

Как бы это прекратить? Имеет ли смысл писать администратору той сети, с которой идет брутфорс?

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

VolanD666

Опубликовано 13 февраля, 2020 · Жалоба

Ну скорее всего ломятся на клиентский шлюз, который прописан на SVI коммутатора. Лечится установкой ACL на vty + я бы управление положил в отдельный VRF.

Войти

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Join the conversation