Getty spamming log file .. another question
-
https://forum.pfsense.org/index.php?topic=32514.0
question related to the post above..
as stated in the post from 2011…i am on 2.1.2 nanobsd .. and this just started to happen when i plugged in my console cable to my console connection switch (MRV 00A909C-00308 model)i have yet to really configure my console connection switch for serial access to all of my network devices (and some servers), but i am curious...is this some sort of an attack? i am NOT allowing incoming connections for serial.
attached is a snapshot of recent logs...(note: my root password is not set as the default one..and the password i use is 15+ chars long so i highly doubt anyone could run a bruteforce attack on it and get the right password...the password is unpronounceable language with special chars and uppper/lower case.)
so..what is this...and why?
it only stopped after i disconnected my cable from the console port (watchguard XTM 1050...anyone needing a box that can handle a huge amount of traffic..try to find one without the watchguard ios on it...and install amd64 nanobsd on it. load levels are at 0.15, 0.17, 0.12 currently..its a very nice peice of machinery...alas i digress)i searched, but what i found really didnt give me a solid answer for this issue. any suggestions?
-
Generally this is caused by something sending data to the serial port while getty is running. getty is expecting nothing but username/password pairs but seeing 'garbage' from your console switch. This is a unix thing, not a pfSense thing …
I can't speak to the apparently successful logins shown in your logs. Are you saying the logins are false positives, and you didn't really log in at those times?
-
It's probably the serial console constantly reloading the menu. When the menu reloads it shows as a login event. If getty is restarting, then it may be causing the menu to restart as well.
Sometimes that can be due to a corrupt getty file or similar. I know we've offered suggestions for that one in the past here on the forum.
-
Generally this is caused by something sending data to the serial port while getty is running. getty is expecting nothing but username/password pairs but seeing 'garbage' from your console switch. This is a unix thing, not a pfSense thing …
I can't speak to the apparently successful logins shown in your logs. Are you saying the logins are false positives, and you didn't really log in at those times?
that is correct…i am NOT trying to login at any of those times, and NO ONE knows my password except myself, and console access from the outside is not allowed.
since i unplugged my console switch....nada....
i will look into the console switch config...