Tuesday, 15 October 2013

Cisco switch with abnormal TFTP requests, and setting the time.

A Cisco switch was showing this behaviour in the OSSIM - AlienVault log:

New Event ticket    snort: "ET POLICY Outbound TFTP Read Request"    2013-10-15 17:38:38    alienvault    Host-192-168-130-19:52881 -> 255.255.255.255:69    [2 -> 2]
New Event ticket    snort: "ET POLICY Outbound TFTP Read Request"    2013-10-15 17:38:35    alienvault    Host-192-168-130-19:52881 -> 255.255.255.255:69    [2 -> 2]
New Event ticket    snort: "ET POLICY Outbound TFTP Read Request"    2013-10-15 17:38:31    alienvault    Host-192-168-130-19:52881 -> 255.255.255.255:69    [2 -> 2]

Connecting to it over telnet and looking at the log:

Switch-ciscorack1.3#show log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 14548 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 14548 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 14551 message lines logged

Log Buffer (4096 bytes):
AILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed
*Mar 26 03:07:40.164: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-ciscorack1.3-confg) failed
*Mar 26 03:08:04.349: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-c.cfg) failed
*Mar 26 03:17:24.750: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed
*Mar 26 03:17:48.959: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed
*Mar 26 03:18:28.570: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-ciscorack1.3-confg) failed
*Mar 26 03:18:52.755: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-c.cfg) failed
*Mar 26 03:28:13.181: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed
*Mar 26 03:28:37.373: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed
*Mar 26 03:29:16.968: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-ciscorack1.3-confg) failed
*Mar 26 03:29:41.177: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-c.cfg) failed
*Mar 26 03:39:01.586: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed

Besides happening out of hours, I was not able to find where this continuous TFTP request to port 69 was coming from.

Finally I try to stop it:

Switch-ciscorack1.3(config)#no service config
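As an added example (not part of the original post), a small Python script that parses log-buffer lines like the ones above: it extracts the TFTP host and requested filename from each %SYS-4-CONFIG_RESOLVE_FAILURE message, flags the autoload pattern (every request to the broadcast address, plus the network-confg and cisconet.cfg names) and computes the retry interval per filename. The sample lines are constructed in the same format as the capture; the regex, function names and the label "autoload" are this example's own assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the switch's log buffer shown above (not the real capture)
SAMPLE_LOG = """\
*Mar 26 03:17:24.750: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed
*Mar 26 03:17:48.959: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed
*Mar 26 03:18:28.570: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-ciscorack1.3-confg) failed
*Mar 26 03:18:52.755: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/switch-c.cfg) failed
*Mar 26 03:20:00.000: %SYS-5-CONFIG_I: Configured from console by vty0
*Mar 26 03:28:13.181: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed
"""

LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from "
    r"\(tftp://(?P<host>[^/]+)/(?P<file>[^)]+)\) failed$"
)
# The two non-hostname filenames the switch kept asking for in the log above
AUTOLOAD_GENERIC = {"network-confg", "cisconet.cfg"}
BROADCAST = "255.255.255.255"


def parse_failures(text):
    """Return (timestamp, tftp_host, filename) for each CONFIG_RESOLVE_FAILURE line; other messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # IOS buffer timestamps carry no year; the default (1900) is fine for same-day deltas
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S.%f")
            events.append((ts, m.group("host"), m.group("file")))
    return events


def is_service_config_autoload(events):
    """True when every request went to the broadcast address and both generic names were tried."""
    if not events:
        return False
    all_broadcast = all(host == BROADCAST for _, host, _ in events)
    return all_broadcast and AUTOLOAD_GENERIC <= {f for _, _, f in events}


def retry_interval_seconds(events, filename):
    """Seconds between consecutive attempts for one filename; [] when it was requested fewer than twice."""
    times = sorted(ts for ts, _, f in events if f == filename)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]
```

Run against a saved `show log` and the interval list shows how regularly the switch retries; a `True` from `is_service_config_autoload` is the case `no service config` fixes.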

While I'm at it, I set the clock:

Switch-ciscorack1.3#clock set 18:48:23 Octover 18 2013
                                           ^
% Invalid input detected at '^' marker.

Switch-ciscorack1.3#clock set 18:48:23 October 18 2013
Silly me, October is spelled with a b. I confirm:

Switch-ciscorack1.3#show clock
18:48:42.537 UTC Fri Oct 18 2013