Results 1 to 4 of 4
  1. #1
    Join Date
    Nov 2020

    Default Untangle Alert "Suspicious Activity: Client created many SSH sessions"


    need help:- our IP (mask IP )

    System: Untangle
    Event: SessionEvent
    Event Time: 2020-11-17 12:23:53.451.
    Event Summary:
    Session [TCP] ->
    Event Details:
    bypassed = true
    c client addr =
    c client port = 8596
    c server addr =
    c server port = 22
    client intf = 0
    entitled = true
    hostname =
    local addr =
    policy id = 0
    protocol = 6
    protocol name = TCP
    remote addr =
    s client addr =
    s client port = 8596
    s server addr =
    s server port = 22
    server intf = 0
    session id = 105215217296587
    time stamp = 2020-11-17 12:23:53.451

    How to solve this issue in Untangle firewall (Suspicious Activity: Client created many SSH sessions)

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Phoenix, AZ


    You need to stop the SSH sessions... ->

    That means (China)

    Is connecting to ssh on (AWS)

    So the question becomes, is this traffic normal? If so... then you ignore the alert. If it's not, then well... To advise further I'd need to know which of those addresses is in your control.
    Rob Sandling, BS:SWE, MCP
    Phone: 866-794-8879 x201

  3. #3
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Central PA

    Talking Welcome Untangle, and the forums!

    Quote Originally Posted by sky-knight View Post
    You need to stop the SSH sessions... ->
    Agree, full stop.

    You picked an IP address that threw an alert on the forum. That isn't the best way to 'conceal' your IP address. It also isn't correct use of the term 'mask'. So much for clearing up confusion.

    You have control over that machine, you have to investigate it.

  4. #4
    Join Date
    Nov 2019


    Interesting, I've got tonight the same message also with an address from China to my device on local lan.......I've disabled now SSH since it's not needed for me!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

SEO by vBSEO 3.6.0 PL2