Jump to content


Photo

Authentication Failure in Log


  • Please log in to reply
49 replies to this topic

#1 Spencer

Spencer
  • Members
  • 1 posts

Posted 04 December 2013 - 09:39 AM

Hello,

 

Upon reviewing the log in my Barracuda Spam and Virus Firewall I noticed a total of 256 "Authentication Failure (-[-])" entries all originating from the same ip address (212.248.169.36)(This address traces back to Great Britain) in a matter of 2 minutes.

 

I have never seen this type of entry before in the logs. My questions are:

 

A. What exactly is this user/bot attempting to do?

B. is this something I need to worry about?

 

Thanks!

 

 



#2 Brad

Brad
  • Members
  • 1 posts

Posted 04 December 2013 - 03:19 PM

I am seeing the same thing only from a Brazilian ADSL IP address 177.189.219.19 with more 5000 over a 4 hour period. I am curious as to what this is as well and if it is something to be worried about.



#3 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 05 December 2013 - 12:00 PM

Hello guys,

 

these would be the bots attempting to perform a SMTP AUTH session to your systems. We expect to have a function to block these after so many failure attempts in a firmware release shortly!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#4 NPKAdmin

NPKAdmin
  • Members
  • 1 posts

Posted 14 February 2014 - 09:04 AM

Any update on this as we are getting them regularly (at least a few times a day). Especially since it makes going through the logs a whole lot more difficult since there are times where you can scroll through a few pages to get to anything meaningful.



#5 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 14 February 2014 - 10:14 AM

Hello,

 

This is feature # BNSF-6029 slated for 6.1.2 firmware currently and has already been committed for QA checking, so there is a light at the end of this soon!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#6 Mark

Mark
  • Members
  • 1 posts

Posted 18 June 2014 - 10:08 AM

Has this been released yet?  

 

Is this something that we should be worried about?  I logged in to do a routine check and found hundreds, if not thousands, of these entries.  In some cases as many as 5-10 per minute.



#7 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 20 June 2014 - 09:37 AM

Hi mark,

 

It appears this failed in QA triage so it was backed out and further implementation is being done for this. It is now currently scheduled for 7.1 time frame

 

sorry for the delays!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#8 Frank Pineau

Frank Pineau
  • Members
  • 5 posts

Posted 21 June 2014 - 12:18 AM

The "light at the end of the tunnel" post was four months ago, and now it's not slated until the next major revision.  Any idea on a time frame for that?  I don't even use my spam filter for outbound and it's still getting hammered.



#9 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 23 June 2014 - 08:09 AM

7.1 is scheduled around December/2014 at this time



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#10 christian ljubicic

christian ljubicic
  • Members
  • 13 posts

Posted 24 June 2014 - 05:20 AM

When can we expect 6.1.2.002 to be General Release.



#11 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 24 June 2014 - 08:05 AM

Hello christian,

 

ideally in the next 3 weeks



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#12 Frank Pineau

Frank Pineau
  • Members
  • 5 posts

Posted 24 June 2014 - 07:52 PM

7.1 is scheduled around December/2014 at this time

 

Ooof.  That's a long time to wait for mitigation of this problem.  With 94-96% of all inbound SMTP connections being spam, attacks, or viruses, maybe it's about time I convince the suits that we should just quit using e-mail altogether!



#13 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 25 June 2014 - 08:57 AM

While certainly an inconvenience, I am confused how this is affecting your spam accuracy and would eagerly assist in any spam getting through scenarios you may be facing!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#14 Frank Pineau

Frank Pineau
  • Members
  • 5 posts

Posted 25 June 2014 - 02:00 PM

While certainly an inconvenience, I am confused how this is affecting your spam accuracy and would eagerly assist in any spam getting through scenarios you may be facing!

 

It's not affecting the accuracy.  The Barracuda spam filter is still as awesome as ever.  But the traffic is hammering the circuit and filling up my logs.  I'm just suggesting that maybe e-mail (as a whole) has reached the end of its useful life if we're spending this much time and effort just to filter out the tiny amount of legitimate mail from all the noise.



#15 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 25 June 2014 - 02:26 PM

ahh I do agree with the email medium reaching a point of under featured for todays uses,  over abused,  and under managed as a whole, interested to see what the future inspires :)

 

 

this was a great article I had remembered reading in spring on this topic

 

 

http://www.workintelligent.ly/information/trends-information/the-end-of-email/



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#16 opjose

opjose
  • Members
  • 249 posts
  • LocationWashington D.C. Area

Posted 15 September 2014 - 04:46 PM

I regularly see tens of thousands of these entries a day.

 

I wish the system would HoneyPot/Tarpit the senders. With our old system that would make them go elsewhere.



#17 alexlutor

alexlutor
  • Members
  • 2 posts

Posted 24 September 2014 - 09:56 AM

I registered to chime in that I also get these messages in my logs. Can't we have some type of function like flood control? It already has Rate Control for incoming emails, but nothing for authentication!



#18 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 24 September 2014 - 10:31 AM

hi folks,

 

this request # is BNSF-20369 and is slated for 7.x firmware in the future here



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#19 Brian Hoops

Brian Hoops
  • Members
  • 8 posts

Posted 12 November 2014 - 11:07 AM

Matthew, thanks for the information.  Can you confirm that the release is still slated for December?  We're getting nailed with these, and although we can filter them out of the log, it's still troubling that an IP can perform thousands of exploit attempts overnight and there's nothing we can do about it except manually block the IP when we come in to the office in the morning.



#20 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 12 November 2014 - 11:19 AM

Hi Brian,

 

While the request is still slated for 7.1, it won't be December currently. We anticipate around early spring 2015 currently 



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com