A brute force attempt (or attack) against the administrator account login can be diagnosed from the following log events, seen repeatedly and/or in quantity (assuming Event log and Admin events are enabled):
Administrator root login failed from ssh(xxx.xxx.xxx.xxx) because of invalid user name
After a few of these failed login messages, the following message will be seen:
Login disabled from IP xxxx for 60 seconds because of too many bad attempts
In most cases these logon attempts are generated by automated hacker tools running on many compromised computers, which scan for live SSH targets in order to exploit known vulnerabilities and/or perform password brute forcing.
This article provides some tips on how to avoid such attempts.
config system global
    set admin-lockout-duration 600
end
Copyright 2024 Fortinet, Inc. All Rights Reserved.