Wednesday, February 17, 2016

Brute force attack on ESX

Below is an example of a brute-force attack that was detected on one of our clients' ESXi hosts. It is important to understand that servers of this kind should never be directly reachable from the internet: their management interfaces belong behind a firewall, in a DMZ or on an isolated management network.

If the host must be reachable from outside, it is best to use an allow list (whitelist) so that only the approved source IPs can connect to it. ESXi's own firewall can restrict each service (SSH, the vSphere client port) to a list of allowed IP addresses, which is worth enabling even when a perimeter firewall is already in place.

In this example you can see from the Events log within ESXi that someone at an IP address located in India was repeatedly trying to log in with the root account.
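The two points above (a brute-force attempt shows up as a burst of failed root logins from one source, and an allow list tells you which sources should never be knocking at all) can be turned into a simple check. The script below is an added example, not code from the original post; the log lines are constructed for the example and modelled on the format of ESXi's /var/log/auth.log (sshd/PAM failures) and the "Cannot login user@ip" event text, and the threshold, window and allow list are assumptions you would set for your own environment.

```python
"""Flag brute-force login attempts against an ESXi host from its log lines.

Added example (not part of the original post). The sample lines below are
constructed and modelled on ESXi auth.log / event wording; the threshold,
window and allow list are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one attacker hammering root, one admin typo from an
# allowed network, and two slow attempts from a third address.
SAMPLE_LOG = """\
2016-02-17T09:58:01Z sshd[2099541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2016-02-17T09:58:03Z sshd[2099541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2016-02-17T09:58:06Z sshd[2099542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2016-02-17T09:58:09Z sshd[2099542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2016-02-17T09:59:30Z sshd[2099543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2016-02-17T10:01:12Z hostd[2099170]: Event 512 : Cannot login root@198.51.100.7
2016-02-17T10:05:00Z sshd[2099600]: Accepted keyboard-interactive/pam for root from 203.0.113.10 port 51002 ssh2
2016-02-17T10:06:00Z sshd[2099601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2016-02-17T10:20:00Z hostd[2099170]: Event 513 : Cannot login admin@192.0.2.200
2016-02-17T10:55:00Z hostd[2099170]: Event 514 : Cannot login admin@192.0.2.200
"""

TIMESTAMP = "%Y-%m-%dT%H:%M:%SZ"
# sshd/PAM failure line: source address in rhost=, account in user=
PAM_FAILURE = re.compile(r"authentication failure;.*\brhost=(?P<ip>\S+)\s+user=(?P<user>\S+)")
# hostd event wording for a failed vSphere/web login
EVENT_FAILURE = re.compile(r"Cannot login (?P<user>[^@\s]+)@(?P<ip>\S+)")


def parse_failures(log_text):
    """Return a list of (timestamp, source_ip, account) for each failed login."""
    failures = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, _, rest = line.partition(" ")
        match = PAM_FAILURE.search(rest) or EVENT_FAILURE.search(rest)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(stamp, TIMESTAMP)
        failures.append((when, match.group("ip"), match.group("user")))
    return failures


def find_brute_force(failures, threshold=5, window_seconds=600):
    """Map source IP -> largest number of failures seen inside any window.

    Only sources that reach `threshold` failures within `window_seconds`
    are returned, so a single typo from an admin is not reported.
    """
    by_ip = defaultdict(list)
    for when, ip, _user in failures:
        by_ip[ip].append(when)
    offenders = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, 0
        for end, when in enumerate(times):
            # slide the window start forward until it fits within the window
            while (when - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[ip] = best
    return offenders


def unexpected_sources(failures, allowlist):
    """Return the set of source IPs that are outside the allow list.

    With an IP allow list on the firewall these sources should never reach
    the host; seeing them at all means the allow list is not in effect.
    """
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    unexpected = set()
    for _when, ip, _user in failures:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in allowed):
            unexpected.add(ip)
    return unexpected


if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    print("brute-force sources:", find_brute_force(events))
    print("sources outside allow list:", unexpected_sources(events, ["203.0.113.0/24"]))
```

On a real host you would feed it `/var/log/auth.log` (and the hostd log for non-SSH logins) instead of the constructed sample, and tune the threshold and window to the rate of failures you are willing to tolerate before alerting.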

This link has some great info on this problem.

