Hi Tarique Is it related to J-Web only or can be used for another tasks, this is bcoz we are not running the J-Web on this router.
Best Regards, Walaa Abdel Razzak -----Original Message----- From: Nalkhande Tarique Abbas [mailto:ntari...@juniper.net] Sent: Mon 19/10/2009 05:31 To: Walaa Abdel razzak; Jared Mauch Cc: juniper-nsp@puck.nether.net Subject: RE: [j-nsp] is it an attack or not? Greetings Walaa, These messages are normal. The user is authenticated and it is not an indication of a breach of the router's security. Basically, JWeb logins appear as a JUNOScript client '(unauthenticated user)'. The JWeb client uses JUNOScript to log the username/password that was entered at the JWeb prompt. The username and password are authenticated thereafter. Have a look here, http://kb.juniper.net/index?page=content&id=KB12783 Thanks & Regards, Tarique A. Nalkhande -----Original Message----- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Walaa Abdel razzak Sent: Monday, October 19, 2009 12:33 AM To: Jared Mauch Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] is it an attack or not? Hi Actually, we had to deactivate the filter that was doing this for some time and during that time, we got the message in addition to the below messages Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'set-login-name login-name=Juniper123' Oct 18 09:25:20 M320-01-re0 re1 mgd[33869]: %INTERACT-6-UI_JUNOSCRIPT_CMD: User 'Juniper123' used JUNOScript client to run command 'commit-configuration' Oct 18 09:25:20 JED1-IGR-M320-01-re0 re1 mgd[33869]: %INTERACT-5-UI_COMMIT: User 'Juniper123' requested 'commit' operation (comment: none) Best Regards, Walaa Abdel Razzak -----Original Message----- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Sun 18/10/2009 21:08 To: Walaa Abdel razzak Cc: <juniper-nsp@puck.nether.net> Subject: Re: [j-nsp] is it an attack or not? Do you filter ssh connections to authorized ip ranges? Jared Mauch On Oct 18, 2009, at 1:57 PM, "Walaa Abdel razzak" <wala...@bmc.com.sa> wrote: > Hi Experts > > I am getting this message on my router log, is it means an attack or > something perforemed by router itself: > > Oct 18 09:25:16 M320-01-re0 re1 mgd[33869]: %INTERACT-6- > UI_JUNOSCRIPT_CMD: User '(unauthenticated user)' used JUNOScript > client to run command 'request-authentication user=root logname=root > host=M320-01-re0 agent=mgd current-directory=/var/tmp pid=62180 > ppid=1145' > > Best Regards, > Walaa Abdel Razzak > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp