[logs] Re: Netscreen logs

• Previous message: Edward Sargisson: "[logs] Re: regex-less parsing of messages"
• In reply to: Lu Daohong: "[logs] Netscreen logs"
• Next in thread: Nico Baggus: "[logs] Re: Netscreen logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


We have some netscreen.
Never seen these messages.

Looks somebody is trying to tamper your netscreen firewall.

Are you managing your netscreen with NetScreen Security Manager?
If this is true, maybe somebody who is using the NSM application is 
configuring the device.

Greetz,
Karl

On Wed, 7 
Dec 
2005, Lu Daohong wrote:

> Found these logs from a netscreen firewall seems malicious, somebody seen these:
>
> 1:Nov 30 18:01:53 xx.xx.xx.xx ns204: NetScreen device_id=ns204
> [Root]system-critical-00027: 2nd push has been confirmed. (2005-11-30
> 17:56:44)
>
> 2:Nov 30 18:01:59 xx.xx.xx.xx  ns204: NetScreen device_id=ns204
> [Root]system-critical-00027: Configuration Erase sequence accepted,
> unit reset.   (2005-11-30 17:56:50)
>
> 3:Nov 30 18:01:59 xx.xx.xx.xx  ns204: NetScreen device_id=ns204
> [Root]system-notification-00033: NSM keys were deleted. (2005-11-30
> 17:56:50)
>
> Thanks in advance!
>
> --
> Lu Daohong
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>

- -- 

MSN Messenger: klri@private

___________________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDlzueEAkeW+u0uP0RAkvPAKCXrrBqBZkoSqW6b3b8PCgtTOhDCgCgmNGt
EIALUcKFwLAXVGCTwSaf2mw=
=6GiM
-----END PGP SIGNATURE-----
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Edward Sargisson: "[logs] Re: regex-less parsing of messages"
• In reply to: Lu Daohong: "[logs] Netscreen logs"
• Next in thread: Nico Baggus: "[logs] Re: Netscreen logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Dec 07 2005 - 18:19:31 PST