Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 10848 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is anyone else seeing alerts about failed ssh logins for username anyone?

JamesGolden

I'm getting notifications for several UTMs across several customers, with this alert: "Failed SSH login attempt from xxx.xxx.xxx.xxx  at 2017-10-22 22:28:38 with username anyname". For one customer, the alert indicates the IP address of a hyper-v host server, but the rest of the alerts are all from their DC (although for those customers, the DC is also their only server). 

I thought at first it was bug, but the UTMs are at different version levels. Is there some SSH exploit that I'm not aware of? 



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to giomoda

    according to the alerts, yes, the IP addresses are inside addresses. It's not like Windows servers even have a built-in SSH client. I may have the PuTTY client on some of the servers, but it doesn't run as a service. I thought maybe the commonality was something to do with RADIUS services, but RADIUS/NPS doesn't run on the Hyper-V host mentioned. 

Children
No Data