I just set up a new logging server on an ASA firewall that's been in place a while, and I see this behavior:
One 113015 failure alert, user root, authentication failed, invalid password
Two 611102 user root, authentication failed
But that's it... is there any way to see what the source of these alerts is? I can't even tell if they are coming from inside or outside, much less a specific IP or something. We use an AAA policy to authenticate outgoing HTTP and HTTPS traffic, and most of the time when we get failures we can track it down by the username, but in this case I've had 3,000 failed attempts in five days (I have no idea how long it's been going on, because the old syslog server wasn't working properly, hence the new one).
So right now I'm just trying to track down where these logon attempts are coming from, then I can figure out whether it is an attack or just some sort of misconfigured device trying to get out (or in).