empty username


codcodoe

Jul 18, 2025, 3:29:34 AM
to Event-Driven Servers
Hi Marc, 

The NAS device frequently attempts to connect to the Tacacs+ Server to check if it is functioning properly. However, the excessive number of these attempts results in too many meaningless connections. Is there a way to reject or block such connection behavior?

122495: 15:11:34.624 4/001549f0: 172.29.195.114 New tacacs session
122495: 15:11:34.624 4/001549f0: 172.29.195.114 ---<start packet>---
122495: 15:11:34.624 4/001549f0: 172.29.195.114 key used: xxx
122495: 15:11:34.624 4/001549f0: 172.29.195.114 version: 192, type: 1, seq no: 1, flags: unencrypted
122495: 15:11:34.624 4/001549f0: 172.29.195.114 session id: 001549f0, data length: 17
122495: 15:11:34.624 4/001549f0: 172.29.195.114 packet body (len: 17):
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0000 01 01 01 01 00 04 05 00  74 74 79 30 61 73 79 6e  ........ tty0asyn
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0010 63                                                c
122495: 15:11:34.624 4/001549f0: 172.29.195.114 AUTHEN/START, priv_lvl=1
122495: 15:11:34.624 4/001549f0: 172.29.195.114 action=login (1)
122495: 15:11:34.624 4/001549f0: 172.29.195.114 authen_type=ascii (1)
122495: 15:11:34.624 4/001549f0: 172.29.195.114 service=login (1)
122495: 15:11:34.624 4/001549f0: 172.29.195.114 user_len=0 port_len=4 rem_addr_len=5
122495: 15:11:34.624 4/001549f0: 172.29.195.114 data_len=0
122495: 15:11:34.624 4/001549f0: 172.29.195.114 user (len: 0):
122495: 15:11:34.624 4/001549f0: 172.29.195.114 port (len: 4): tty0
122495: 15:11:34.624 4/001549f0: 172.29.195.114 rem_addr (len: 5): async
122495: 15:11:34.624 4/001549f0: 172.29.195.114 data (len: 0):
122495: 15:11:34.624 4/001549f0: 172.29.195.114 ---<end packet>--
122495: 15:11:34.624 4/001549f0: 172.29.195.114 authen: hdr->seq_no: 1
122495: 15:11:34.624 4/001549f0: 172.29.195.114 Writing AUTHEN/GETUSER size=62
122495: 15:11:34.624 4/001549f0: 172.29.195.114 ---<start packet>---
122495: 15:11:34.624 4/001549f0: 172.29.195.114 key used: xxx
122495: 15:11:34.624 4/001549f0: 172.29.195.114 version: 192, type: 1, seq no: 2, flags: unencrypted
122495: 15:11:34.624 4/001549f0: 172.29.195.114 session id: 001549f0, data length: 50
122495: 15:11:34.624 4/001549f0: 172.29.195.114 packet body (len: 50):
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0000 04 00 00 2c 00 00 57 65  6c 63 6f 6d 65 2c 20 79  ...,..We lcome, y
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0010 6f 75 27 72 65 20 63 6f  6d 69 6e 67 20 66 72 6f  ou're co ming fro
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0020 6d 20 61 73 79 6e 63 0a  55 73 65 72 6e 61 6d 65  m async. Username
122495: 15:11:34.624 4/001549f0: 172.29.195.114 0030 3a 20                                             :
122495: 15:11:34.624 4/001549f0: 172.29.195.114 AUTHEN, status=4 (AUTHEN/GETUSER) flags=0x0
122495: 15:11:34.624 4/001549f0: 172.29.195.114 msg_len=44, data_len=0
122495: 15:11:34.624 4/001549f0: 172.29.195.114 msg (len: 44): Welcome, you're coming from async\nUsername:
122495: 15:11:34.624 4/001549f0: 172.29.195.114 data (len: 0):
122495: 15:11:34.624 4/001549f0: 172.29.195.114 ---<end packet>---
122495: 15:12:04.624 4/001549f0: 172.29.195.114 ---<start packet>---
122495: 15:12:04.624 4/001549f0: 172.29.195.114 key used: chtfttx
122495: 15:12:04.624 4/001549f0: 172.29.195.114 version: 192, type: 1, seq no: 3, flags: unencrypted
122495: 15:12:04.624 4/001549f0: 172.29.195.114 session id: 001549f0, data length: 23
122495: 15:12:04.624 4/001549f0: 172.29.195.114 packet body (len: 23):
122495: 15:12:04.624 4/001549f0: 172.29.195.114 0000 00 00 00 12 01 55 73 65  72 20 49 6e 70 75 74 20  .....Use r Input
122495: 15:12:04.624 4/001549f0: 172.29.195.114 0010 54 69 6d 65 6f 75 74                              Timeout
122495: 15:12:04.624 4/001549f0: 172.29.195.114 AUTHEN/CONT user_msg_len=0, user_data_len=18
122495: 15:12:04.624 4/001549f0: 172.29.195.114 user_msg (len: 0):
122495: 15:12:04.624 4/001549f0: 172.29.195.114 user_data (len: 18): User Input Timeout
122495: 15:12:04.624 4/001549f0: 172.29.195.114 ---<end packet>---
122495: 15:12:04.624 4/001549f0: 172.29.195.114 authen: hdr->seq_no: 3
122495: 15:12:04.624 4/001549f0: 172.29.195.114 aborted by request (User Input Timeout) from async on tty0 aborted by request

Marc Huber

Jul 18, 2025, 11:11:29 AM
to event-driv...@googlegroups.com

Hi,

no, the daemon has no way to differentiate between legitimate sessions and mere keepalives. You could perhaps split your config to use a secondary realm specific to your NAS, with logging disabled. This would of course drop all logs from the NAS.

Cheers,

Marc


On 18.07.2025 09:29, codcodoe wrote:
Hi Marc, 

The NAS device frequently attempts to connect to the Tacacs+ Server to check if it is functioning properly. However, the excessive number of these attempts results in too many meaningless connections. Is there a way to reject or block such connection behavior?
<snip>
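
An added example, not part of the original thread or of the server's own code: a small offline classifier that picks the keepalive pattern shown in the debug output (AUTHEN/START with `user_len=0`, later "aborted by request") out of a log and reports how long each probe held its session, so the noise can be measured per NAS. The line layout is assumed from the excerpt in the question, and the second session in the sample is constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line layout assumed from the debug output quoted in the thread:
#   <pid>: <HH:MM:SS.mmm> <n>/<session id>: <NAS address> <message>
LINE = re.compile(r"^\d+: (\d\d:\d\d:\d\d\.\d{3}) \d+/([0-9a-f]{8}): (\S+) (.*)$")

# Constructed sample: session 001549f0 is trimmed from the post,
# session 0a0b0c0d is an invented login with a username, for contrast.
SAMPLE = """\
122495: 15:11:34.624 4/001549f0: 172.29.195.114 New tacacs session
122495: 15:11:34.624 4/001549f0: 172.29.195.114 AUTHEN/START, priv_lvl=1
122495: 15:11:34.624 4/001549f0: 172.29.195.114 user_len=0 port_len=4 rem_addr_len=5
122495: 15:11:34.624 4/001549f0: 172.29.195.114 Writing AUTHEN/GETUSER size=62
122495: 15:12:04.624 4/001549f0: 172.29.195.114 AUTHEN/CONT user_msg_len=0, user_data_len=18
122495: 15:12:04.624 4/001549f0: 172.29.195.114 aborted by request (User Input Timeout) from async on tty0 aborted by request
122496: 15:13:00.100 5/0a0b0c0d: 172.29.195.114 New tacacs session
122496: 15:13:00.100 5/0a0b0c0d: 172.29.195.114 AUTHEN/START, priv_lvl=1
122496: 15:13:00.100 5/0a0b0c0d: 172.29.195.114 user_len=5 port_len=4 rem_addr_len=9
"""

def find_probes(log_text):
    """Return {nas: [(session_id, seconds_held), ...]} for sessions that
    started with an empty username and were later aborted by the NAS."""
    sessions = defaultdict(lambda: {"empty": False, "abort": False, "t": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-session debug line
        ts, sid, nas, msg = m.groups()
        s = sessions[(nas, sid)]
        s["t"].append(datetime.strptime(ts, "%H:%M:%S.%f"))
        if msg.startswith("user_len=0 "):
            s["empty"] = True   # AUTHEN/START carried no username
        if msg.startswith("aborted by request"):
            s["abort"] = True   # NAS ended the session itself
    probes = defaultdict(list)
    for (nas, sid), s in sessions.items():
        if s["empty"] and s["abort"]:
            held = (max(s["t"]) - min(s["t"])).total_seconds()
            probes[nas].append((sid, held))
    return dict(probes)

if __name__ == "__main__":
    print(find_probes(SAMPLE))
```

Timestamps in this layout carry no date, so a session that spans midnight would need the log's date added before the duration is trusted.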