5.02a code VDX: Large number of unsuccessful login attempts can cause last_login file to grow, causing disk space issue on Management modules?

Question
VDX 8770 Management module and other platforms. The issue is seen with code version 5.02a and lower.

5.02a and lower code on VDX: A large number of unsuccessful login attempts can cause the last_login file to grow, causing disk space issues on Management modules and an unexpected reload. If the Rbridge has a large number of unsuccessful login attempts, a high rate of REST API requests can occur due to more login attempts and may cause the VDX switch to run out of disk space and eventually reload unexpectedly.

Environment
Answer
The customer needs to upgrade to code that has the fix for defect DEFECT000560834, or apply the workaround to empty the last_login file for recovery. The defect is fixed in 5.02a1 code, which resolves the issue.

The recovery workaround to empty the last_login file and recover telnet/ssh is as follows:

Per defect 560834, the last_login file usually grows due to a DoS attack with failed ssh login attempts.

Recovery Workaround to empty the file:

cp /dev/null /etc/fabos/last_login
or
cat /dev/null > /etc/fabos/last_login
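
The same truncation wrapped in a size check, so the file is emptied only when it has actually grown past a limit. This is an added example, not Brocade code and not part of the original article; the 10 MiB limit and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: guard against runaway growth of a login
# record file such as /etc/fabos/last_login (path taken from the article).
# The default limit and all function names are assumptions for illustration.

MAX_BYTES=${MAX_BYTES:-10485760}   # assumed limit: 10 MiB

# Print the size of a file in bytes (0 if it does not exist).
file_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# Print the use percentage (without the % sign) of the filesystem holding a path.
fs_used_pct() {
    df -P "$1" | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# Truncate the file in place when it exceeds the limit.
# Returns 0 if it truncated, 1 if no action was needed, 2 on error.
guard_login_file() {
    file=$1
    limit=${2:-$MAX_BYTES}
    [ -f "$file" ] || return 2
    size=$(file_size "$file")
    if [ "$size" -le "$limit" ]; then
        return 1
    fi
    echo "WARN: $file is $size bytes (limit $limit), fs $(fs_used_pct "$file")% used" >&2
    # Same effect as the article's 'cat /dev/null > file': the file is emptied
    # but its inode and permissions are kept (unlike rm followed by recreate).
    : > "$file" || return 2
    return 0
}

# Act on the article's path only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    guard_login_file /etc/fabos/last_login
    exit $?
fi
```

Truncation discards whatever the file recorded, so copy it off the switch first if the failed-login entries are needed for investigation.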


In such a situation, telnet/ssh can be shut down. However, if you would like to selectively shut down telnet/ssh in default-vrf and keep it enabled in mgmt-vrf, we have built the script restrict_ssh for that purpose.

Installing the script:
- Using FTP, copy the script to your flash default dir
- Log in as root; the flash default dir is
/var/config/vcs/scripts/
- Move this script to the /scripts directory

Executing the script:

sw0# execute-script restrict_ssh -a 10.18.245.160 >>>> CLI to add an IP address to permit for ssh
sw0# execute-script restrict_ssh -s >>>> CLI to show the IP address configured
ListenAddress 10.18.245.160
sw0# execute-script restrict_ssh -d 10.18.245.160 >>>> CLI to delete the IP address configured
sw0# execute-script restrict_ssh h >>>> CLI to display help content on how to use the script

