• Support
  • Forums
  • Blogs

It appears AlienVault is sending malformed SSH traffic to itself

srdropperssrdroppers

Entry Level
The OSSIM (4.1) configuration includes two active interfaces, one in 149.48.228.0/24 and one in 10.168.200.0/24. It appears the 149.48.228.0/24 interface (149.48.228.119) is not sending the appropriate SSH headers to the other interface. These create alarms. Any thoughts about how to avoid these alarms?

Dec 17 13:47:24 sim-ossim-01 sshd[19553]: Did not receive identification string from 149.48.228.119 

Share post:

This discussion has been closed.