This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - Logs showing message="User '-' failed to login

Hey Guys,

I'm seeing an unusual logins on my Sophos XG 115. The user is - and the IP it's coming from is my DC (192.168.0.10). About every hour I'm seeing:

Adminmessageid="17507"
log_type="Event"
log_component="CLI"
log_subtype="Admin"
status="Failed"
user="-"
src_ip="192.168.0.10"
additional_information=""
message="User '-' failed to login from '192.168.0.10' using ssh because of wrong credentials"

No RDP or other ports open from the WAN. I do have SSL VPN setup. It's a pretty brand new 2016 DC setup.

I am running Labtech on the DC, so my gut feeling is it might be the Labtech network probe doing it.

How would I go about figuring out what's causing the logon attempt? What is user - ?

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 6 years ago

Would suggest to try a Dump of this Traffic to check.

Maybe take a look at the DC and perform a Debug there.

https://techtalk.gfi.com/scan-open-ports-in-windows-a-quick-guide/

Some Application should start a SSH Connection to XG. This looks odd.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 6 years ago

Would suggest to try a Dump of this Traffic to check.

Maybe take a look at the DC and perform a Debug there.

https://techtalk.gfi.com/scan-open-ports-in-windows-a-quick-guide/

Some Application should start a SSH Connection to XG. This looks odd.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data