Looking for documentation? Check out our new learning center!
AlienVault v4.5 Released! Download here

It appears AlienVault is sending malformed SSH traffic to itself

The OSSIM (4.1) configuration includes two active interfaces, one in 149.48.228.0/24 and one in 10.168.200.0/24. It appears the 149.48.228.0/24 interface (149.48.228.119) is not sending the appropriate SSH headers to the other interface. These create alarms. Any thoughts about how to avoid these alarms?

Dec 17 13:47:24 sim-ossim-01 sshd[19553]: Did not receive identification string from 149.48.228.119 

Best Answer

Answers

Sign In or Register to comment.