Hi Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages
Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123' Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration' Oct 18 09:25:20 JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none) Best Regards, Walaa Abdel Razzak -----Original Message----- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Sun 18/10/2009 21:08 To: Walaa Abdel razzak Cc: <juniper-nsp@puck.nether.net> Subject: Re: [j-nsp] is it an attack or not? Do you filter ssh connections to authorized ip ranges? Jared Mauch On Oct 18, 2009, at 1:57 PM, "Walaa Abdel razzak" <wala...@bmc.com.sa> wrote: > Hi Experts > > I am getting this message on my router log, is it means an attack or > something perforemed by router itself: > > Oct 18 09:25:16 M320-01-re0 re1 mgd[33869]: %INTERACT-6- > UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript > client to run command 'request-authentication user=root logname=root > host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180 > ppid=1145' > > Best Regards, > Walaa Abdel Razzak > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
